ImageMagick Multiple Security Vulnerabilities

ImageMagick is prone to multiple security vulnerabilities.

Successfully exploiting these issues may allow an attacker to gain access to sensitive information, bypass certain security restrictions and to perform unauthorized actions or cause a denial-of-service condition. This may aid in launching further attacks. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
ImageMagick version 7.0.8-34 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 108913
Class: Unknown
CVE: CVE-2019-12974
CVE-2019-12975
CVE-2019-12976
CVE-2019-12979
CVE-2019-12977
CVE-2019-12978

Remote: Yes
Local: No
Published: Jun 26 2019 12:00AM
Updated: Jun 26 2019 12:00AM
Credit: The vendor reported this issue.
Vulnerable: ImageMagick ImageMagick 7.0.8-34

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• ImageMagick Homepage (ImageMagick)
  
• Memory leak in function ReadPCLImage #1520 (ImageMagick)
  
• Null pointer deference in function ReadPANGOImage in coders/pango.c #1515 (ImageMagick)
  
• Possible but rare memory leak in function WriteDPXImage #1517 (ImageMagick)
  
• Use-of-uninitialized-value in function ReadPANGOImage #1519 (ImageMagick)
  
• Use-of-uninitialized-value in function SyncImageSettings. #1522 (ImageMagick)
  
• Use-of-uninitialized-value in function WriteJP2Image #1518 (ImageMagick)
  

Source: www.securityfocus.com