oss-sec mailing list archives

Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors


From: <cve-assign () mitre org>
Date: Mon, 16 Jan 2017 19:13:04 -0500


[] coders/ipl.c: "ipl file missing malloc check"
Debian Bug: https://bugs.debian.org/851485
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20

Use CVE-2016-10144.


[] coders/wpg.c: off-by-one error
Debian Bug: https://bugs.debian.org/851483
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9

Use CVE-2016-10145.


[] magick/profile.c: double-free memory corruption
Debian Bug: https://bugs.debian.org/851383
Upstream Bug: https://github.com/ImageMagick/ImageMagick/issues/354
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb

Use CVE-2017-5506.


[] coders/mpc.c: memory leak in mpc file handling
Debian Bug: https://bugs.debian.org/851382
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738

Use CVE-2017-5507.


[] PushQuantumPixel heap buffer-overflow
Debian Bug: https://bugs.debian.org/851381
Upstream report: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
https://github.com/ImageMagick/ImageMagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175

Use CVE-2017-5508.


[] memory leak in caption and label handling
Debian Bug: https://bugs.debian.org/851380
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456

Use CVE-2016-10146.


[] coders/psd.c: out-of-bounds write flaw in psd file handling
Debian Bug: https://bugs.debian.org/851377
Upstream report: https://github.com/ImageMagick/ImageMagick/issues/350

Use CVE-2017-5509.


[] coders/psd.c: out-of-bounds write flaw in psd file handling
(different issue from the above)
Debian Bug: https://bugs.debian.org/851376
Upstream report: https://github.com/ImageMagick/ImageMagick/issues/348

Use CVE-2017-5510.


[] coders/psd.c: memory corruption heap overflow
Debian Bug: https://bugs.debian.org/851374
Upstream report: https://github.com/ImageMagick/ImageMagick/issues/347

Use CVE-2017-5511.


-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]

