oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability"

From: cve-assign () mitre org
Date: Wed, 19 Feb 2014 18:40:04 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


(We will proceed with option 2 unless option 1 is substantially better
for someone.)


Option 2 has now been chosen.

The clarified meaning of CVE-2014-1947 is now the vulnerability in
older ImageMagick versions (such as 6.5.4) that use the "L%02ld"
string. The root cause here is that the code did not cover the case of
more than 99 layers, which is apparently allowable but relatively
uncommon. This has a resultant buffer overflow, e.g, L99\0 is safe but
L100\0 is unsafe. When the overflow occurs, it can be described as "1
or more bytes too many."

A new ID of CVE-2014-2030 is now assigned for the vulnerability in
newer ImageMagick versions that use the "L%06ld" string. The root
cause here is that the code did not recognize the relationship between
the 8 (or more) characters in "L%06ld" and the actual buffer size.
This has a resultant buffer overflow of "4 or more bytes too many."

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTBUBdAAoJEKllVAevmvms6DMIAKIPMAVIsUycaTjAgTdFoUmj
aDrKyOIAWMLWNE4wOUBDLQkrObjwwptbh7AptBr2L1bscUPiLao1A2CQwXLtZDVV
RX41OJ62YlZFZnPRay997+4oM5tbHa27UIc60paPFK8FBfMthf4JLWvuVUxWnFXl
CI+9XYRvkW6bdEQng9UDA9xTjuUJWPzemjscbS4+WvixU3+iCwhZF5lCSjICarXU
ZB5bmTnKqJPPhLvUB/6xIAhfGzXF7XuriGQL1jS1gllIZ59MKpOreRPNWgsWTVEs
HfFxtx1OvfdDPB/twSeK7viVJiKm9fNHZYCYCKoQooxd6Ks84MDzGP835c2yLvU=
=WQsh
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: