oss-sec mailing list archives
Re: New vulnerabilty in imagemagick
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 08 Apr 2013 12:53:53 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/07/2013 06:57 AM, Bastien ROUCARIES wrote:
Hi, Imagemagick url coder is affected by a NULL deference trigerrable by user It only occurs when you use a URL as an image filename and you can't write to the temporary directory which is typically /tmp or whereever MAGICK_TMPDIR env variable points. As the debian mainteners I believe this is a security (minor) bug that could lead to local dos at least. Upstream bug is here http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23117 Could you please open a candidate CVE number ? Patch here fix the bug.
I'm not seeing any way to trigger this vulnerability reliably (you can't send a mangled image, you have to fill up /tmp or something). Also the DOS is simply the program can't open the file. Am I missing something? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRYxJBAAoJEBYNRVNeJnmTrPgQAKj5T+c11EB/DqF1KCr2JgoG BBAJu7JpfTtH+vqZVc6CXySFNOZXrVVzQ66LUmiyyPFvsNIHFgaD58YW3+a3dLuS 4i1lkvjpMRZ2qoGFad86FwsejWIgUuxeC8Y4VxCssqSxfD35YAE6QP2a/hX+kCv+ T/eYWb1hR2rHGSAb6d+5QWKr+R/wonpR9QfykM1pbbdp1kUFlmaosL+GwZOk6Ps/ m/vvyUyUN8gTmNYCdn0inMQslAUAQlFwSjhyNRIkn/5mxJIYPltTGMnRtT5hRo0R gQ9ly6X7ICaVEqU6+SgR77gNNxm3pAhEv5OE6koyqiRWgtQmCrC3UYFsy1ryrnyz ObfsuM8vIMQh2fVkR094dby/4kMv3mP1alWtQMg8F7AggplbGAko9i5jlD6GL6XJ yauMcRJ+tGwAaJlx+I2CiwkxxgMNMXBjJUzfRxMoRbRAGHKsWDzk4AfqWZfSF/sr 9E111bRls1ph3PqE1NhHc7ZX6KBaeUuOHIstvcsm5FJtR3nPan0QwcDQu5bQL1ZN Pi2VGImhL1cPvKFWw5gANnTRoEFXNp+S4sk4TWQY3a/P8Aenzpia4wAjzV47zETo BuP07lz44xAT7PhMxyViqDkN/gCQZNpr6Vm14UKoF7OuzP+5qBQ4oP4cigAOdX+9 aUosZhVuRQbc5/ht+akK =rJMU -----END PGP SIGNATURE-----
Current thread:
- New vulnerabilty in imagemagick Bastien ROUCARIES (Apr 07)
- Re: New vulnerabilty in imagemagick Kurt Seifried (Apr 08)