Information disclosure enables an attacker to gain valuable information about a system.
漏洞概要
以下安全公告描述了在GraphicsMagick中发现的两个漏洞。
GraphicsMagick是“图像处理方面的瑞士军刀。 基础包中的源码共有267K行(根据David A. Wheeler统计),它提供了强大而有效的工具和库,支持读,写超过88种主要图像处理格式,包括DPX,GIF,JPEG,JPEG-2000,PNG,PDF,PNM和TIFF等重要格式。
在GraphicsMagick中发现的两个漏洞是:
漏洞提交者
一位独立的安全研究人员Jeremy Heng(@nn_amon)和Terry Chia(Ayrx)向 Beyond Security 的 SSD 报告了该漏洞
厂商响应
厂商已经发布了这些漏洞的补丁(15237:e4e1c2a581d8 and 15238:7292230dd18)。获取更多信息: ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt
Vulnerabilities summary
The following advisory describes two (2) vulnerabilities found in GraphicsMagick.
GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler’s SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and libraries which support reading, writing, and manipulating an image in over 88 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, and TIFF.”
The vulnerabilities found are:
Credit
An independent security researchers, Jeremy Heng (@nn_amon) and Terry Chia (Ayrx), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
Vendor response
The vendor has released patches to address these vulnerabilities (15237:e4e1c2a581d8 and 15238:7292230dd18).
For more details: ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt
CVE-2017-16352, CVE-2017-16353
Continue reading SSD Advisory – GraphicsMagick Multiple Vulnerabilities
Vulnerability Summary
The following advisory describes an Crash found in K7 Total Security.
Credit
An independent security researcher, Kyriakos Economou aka @kyREcon, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
Vendor response
K7 has released patches to address this vulnerability – K7TotalSecurity version 15.1.0.305
CVE: CVE-2017-18019
Continue reading SSD Advisory – K7 Total Security Device Driver Arbitrary Memory Read
Vulnerability Summary
The following advisory describes an information disclosure vulnerability found in Geneko Routers version 3.18.21
Geneko GWG is “compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, 3G and 4G cellular technologies.”
Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
We tried to contact Geneko since August 2 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.
Continue reading SSD Advisory – Geneko Routers Information Disclosure
