oss-sec mailing list archives
Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors
From: <cve-assign () mitre org>
Date: Mon, 16 Jan 2017 19:13:04 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
[] coders/ipl.c: "ipl file missing malloc check" Debian Bug: https://bugs.debian.org/851485 Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
Use CVE-2016-10144.
[] coders/wpg.c: off-by-one error Debian Bug: https://bugs.debian.org/851483 Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
Use CVE-2016-10145.
[] magick/profile.c: double-free memory corruption Debian Bug: https://bugs.debian.org/851383 Upstream Bug: https://github.com/ImageMagick/ImageMagick/issues/354 Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
Use CVE-2017-5506.
[] coders/mpc.c: memory leak in mpc file handling Debian Bug: https://bugs.debian.org/851382 Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
Use CVE-2017-5507.
[] PushQuantumPixel heap buffer-overflow Debian Bug: https://bugs.debian.org/851381 Upstream report: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161 https://github.com/ImageMagick/ImageMagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175
Use CVE-2017-5508.
[] memory leak in caption and label handling Debian Bug: https://bugs.debian.org/851380 Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
Use CVE-2016-10146.
[] coders/psd.c: out-of-bounds write flaw in psd file handling Debian Bug: https://bugs.debian.org/851377 Upstream report: https://github.com/ImageMagick/ImageMagick/issues/350
Use CVE-2017-5509.
[] coders/psd.c: out-of-bounds write flaw in psd file handling (different issue from the above) Debian Bug: https://bugs.debian.org/851376 Upstream report: https://github.com/ImageMagick/ImageMagick/issues/348
Use CVE-2017-5510.
[] coders/psd.c: memory corruption heap overflow Debian Bug: https://bugs.debian.org/851374 Upstream report: https://github.com/ImageMagick/ImageMagick/issues/347
Use CVE-2017-5511. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYfV+eAAoJEHb/MwWLVhi2QIcQALYMUMbHIVzC/24Y52Ew+i4A r5V0YSNAC0vPdKoF4zbpOeeOfQjrvPhdM4t0cvcRZnzNvlig81CyB4O72791d6Gz g6HJ0Gnmkl9evckmw4vT9zVknf1FZ+q3bMe1rRR2b8JfhI4ZMLaPQcc9r7KapN9C pMh/Am+PT+h3OZN+GQQnPj5MHgr2znYROM1tiqi9roj4E5HTBJmGoDypd503TTI8 ljbje8cmCykJsy+te/qft5avhYujLkiVABu/jOgfxL+8lWXPWS8rRjgspgpt34Hl S7J+L5FX5U2AAutwLxmzTM7sI+eyLWZtAJOBJ0tS0/mhQ236F1T7zwQRzSlhKxBY 1u/SbXLckTlXaeKqzxglSUUgJCFeCFLdMfT0jwlrP7wbMD8BxhHBAuiEulNRJOFA JOrZAClEJv4toG2+Cd9CxDFosqaih2PB0uDIantimLB50zWBrytcNel7UMxrpH1K QXYxUpuzc/Odr7KvuFS0n1QislNiRzdEIt9VnvF8RWrgBwYe/Xh78YGFgB8K0GdW 9gHoI9FOAAqP1g/+6Rwh2NJvIAraEthQQzPNNvazCKrCYeyCflMlc4uypAkFxyQS Pw6B5RNiWcH1UewKJnglJpgMboXkEFMRjZg3ccLYTet9qn4M4bbn5m2iQGJQYzwn 6HF+uhc12KUYrnrDbJp2 =Io2X -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors Salvatore Bonaccorso (Jan 16)
- Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors cve-assign (Jan 16)