Re: Imagemagick fuzzing bug

[Yury German <yury () technologysecure com>]

Do we have a CVE assigned to this by chance?

> On Dec 24, 2014, at 6:22 AM, Bastien ROUCARIES <roucaries.bastien () gmail com> wrote:
>
> Hi,
>
> during the previous month google and Jodie Cunningham.
> have done a security audit of imagemagick and found a lot of security bug:
>  * Avoid a DOS in vision.c due to an infinite loop.
>  * Avoid a SEGV due to a corrupted pnm file.
>  * Do not leak fd due to corrupted file.
>  * Fix a double free in pdb coder.
>  * Fix a SEGV due to corrupted dpc and xwd images.
>  * Fix a SEGV in dpx file handler.
>  * Fix a SEGV in malformed xwd file handler.
>  * Avoid a NULL pointer dereference in ps file handling.
>  * Fix a crash with corrupted viff file.
>  * Fix a NULL pointer dereference in wpg file handling.
>  * Do not continue on corrupted wpg file.
>  * Avoid an out of bound access in viff image.
>  * Avoid a heap buffer overflow in pdb file handling.
>  * Avoid an out of bound acess on malformed sun file.
>  * Avoid heap overflow in palm, pnm and xpm files.
>  * Fix heap overflow in quantum, palm and psd file.
>  * Fix handling of corrupted of psd, sun and xpm file.
>  * Fix corrupted (too many colors) psd file.
>  * Fix an out of bound acess in sun file.
>  * Fix handling of corrupted sun and wpg file.
>  * Fix heap overflow in pcx file, psd, pict and wpf files
>    and DOS in xpm files.
>  * Add additional PNM sanity checks.
>  * Avoid a crash to out of memory in magick/cache.c
>  * Fix a theorical out of bound access in magick/colormap-private.h
>  * Fix an out of bound access in palm file.
>  * Fixed throwing of exceptions in psd handling and fix a memory leak.
>  * Fixed boundary checks in DecodePSDPixels.
>  * Fix another out of bound problem in rle file.
>  * Fix crash due to corrupted dib file.
>  * Added checks to prevent overflow in rle file.
>  * Impose a limit of 10 million columns or rows in an input PNG
>  * Don't try to handle a "previous" image in the JNG decoder.
>  * Avoid a memory leak in quantum management.
>  * Avoid a crash in png coder.
>  * Thread limit should be at least 1 in order to be efficient.
>  * In psd file handling fixed parsing resource block and
>    avoid a crash.
>  * In cache fix usage of object after it has been destroyed.
>  * Avoid a memory leak in rle file handling.
>  * During identification of image do not fill memory
>
> Patch queue is here:
> http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-patches/6.8.9.9-4-for-upstream

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail