oss-sec mailing list archives
Re: Stack overflow in imagemagick coders/tiff.c
From: Bastien Roucariès <rouca () debian org>
Date: Mon, 29 May 2023 17:15:31 +0000
On Monday 29 May 2023, 08:11:18 UTC, Bastien Roucariès wrote:

Hi, following this bug I will also ask for a few other CVEs for the imagemagick tiff coder
(BTW, cc me, I am not subscribed)

Hi,
CVE#0
Reading changelog and code of imagemagick, I want to report a stack overflow with crafted tiff file in imagemagick

Fixed (after 6.9.12-26) by:
https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023

Original reporter was Muhammad Aldo Firmansyah

Thanks
Bastien (rouca)

CVE #1

commit 7dbefda1c14e32d7bc4d3762a3a54f3ddaa85dd1
Author: Dirk Lemstra <dirk () lemstra org>
Date:   Sat Feb 19 07:46:46 2022 +0100

    Raise exception when image could not be read but no exception was raised.

    Bail out in case of corrupted image

    https://github.com/ImageMagick/ImageMagick6/commit/3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b
    (cherry picked from commit 3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b)

CVE#2

commit 08f1e56a006d939dc85ddfab29e85579a65f4943
Author: Cristy <urban-warrior () imagemagick org>
Date:   Fri Feb 11 10:46:49 2022 -0500

    Fix uninitialised value

    bug: https://github.com/ImageMagick/ImageMagick/issues/4830
    origin: https://github.com/ImageMagick/ImageMagick6/commit/409d42205927c98cbb852ca96e109716f38f04ab

CVE#3

commit fb2beb87936fc0155431f655a937e869a86edf16
Author: Cristy <urban-warrior () imagemagick org>
Date:   Thu Mar 17 15:02:49 2022 -0400

    Fix buffer overrun in TIFF coder

    bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42549
    origin: https://github.com/ImageMagick/ImageMagick6/commit/de6ada9a068b01494bfb848024ed46942da9d238

commit 4e1a165888a6aa7230dbdd7c87f59aadd5dbedec
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Fri Dec 17 14:05:04 2021 -0500

    Fix buffer overrun in TIFF coder

    origin: https://github.com/ImageMagick/ImageMagick6/commit/add9cb14e14eef02806715d97abcf5d04a3e55dd

commit 1b899a81bfdfec4cbe1ec7458825c50f00144fdb
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Sun Mar 14 07:44:52 2021 -0400

    Fix buffer overrun in TIFF coder

    origin: https://github.com/ImageMagick/ImageMagick6/commit/2204eb57ae00b005b39165a47b8984eac01600a5

CVE#4

commit 01669597f665868cf1e4ccf27ab6fcd52aadaa43
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Sat Nov 6 09:01:26 2021 -0400

    early exit on exception

    In case of malformed tiff image bail early

    origin: https://github.com/ImageMagick/ImageMagick6/commit/b272acab91444f2115099fe51ee6c91bb4db5d50
    (cherry picked from commit b272acab91444f2115099fe51ee6c91bb4db5d50)

CVE#5

commit 506cdfbc6d246301be4b12ccdfc6d493c643deca
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Sat Sep 4 07:45:17 2021 -0400

    initialize buffer before calling TIFFGetField()

    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae

commit f4ac98518241b8074735314f27b7eb47ee823e57
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Fri Sep 3 19:45:32 2021 -0400

    Fix a non initialized value passed to TIFFGetField()

    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae

CVE#6

commit 0c1a7d649cfc31ec53f0f5c20c0e793df2512ac5
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Mon Jul 26 13:38:45 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)

    bug: https://github.com/ImageMagick/ImageMagick6/issues/245
    origin: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea

commit b0c59a56625aaa3a9c13bfe4f88e287c38e062c9
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Mon Jul 26 13:26:21 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)

    origin: https://github.com/ImageMagick/ImageMagick6/commit/35b88c9166bc1b3ce8893f52217bae00d8e2c532
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245

commit b7882f2795db4e4e8f578cbe712dc4b81a47113f
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Mon Jul 26 13:08:57 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)

    origin: https://github.com/ImageMagick/ImageMagick6/commit/e1fbcdf3aad96d51db65c1601117396eac665a6d
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245