oss-sec mailing list archives
Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)
From: cve-assign () mitre org
Date: Thu, 22 Sep 2016 01:17:20 -0400 (EDT)
Date: Sun, 7 Aug 2016 17:12:15 +0200
off-by-one error leading to segfault:
Debian Bug: https://bugs.debian.org/832455
Additional references:
----------------------
https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
Use CVE-2016-7513.
out-of-bounds read in coders/psd.c:
Debian Bug: https://bugs.debian.org/832457
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1533442
https://github.com/ImageMagick/ImageMagick/issues/83
https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f
https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
AddressSanitizer: heap-buffer-overflow
READ of size 1
Use CVE-2016-7514.
rle file handling for corrupted file:
Debian Bug: https://bugs.debian.org/832461
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1533445
https://github.com/ImageMagick/ImageMagick/issues/82
https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
AddressSanitizer: heap-buffer-overflow
READ of size 1
Use CVE-2016-7515.
buffer overflow in sun file handling:
Debian Bug: https://bugs.debian.org/832464
Additional references:
----------------------
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
Use CVE-2015-8957.
potential DOS in sun file handling due to malformed files:
Debian Bug: https://bugs.debian.org/832465
Additional references:
----------------------
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105
Use CVE-2015-8958.
out of bounds problem in rle, pict, viff and sun files:
Debian Bug: https://bugs.debian.org/832467
https://bugs.launchpad.net/bugs/1533452
https://github.com/ImageMagick/ImageMagick/issues/77
AddressSanitizer: heap-buffer-overflow
READ of size 4
viff.c
Use CVE-2016-7516.
https://bugs.launchpad.net/bugs/1533449
https://github.com/ImageMagick/ImageMagick/issues/80
AddressSanitizer: heap-buffer-overflow
READ of size 1
pict.c
Use CVE-2016-7517.
https://bugs.launchpad.net/bugs/1533447
https://github.com/ImageMagick/ImageMagick/issues/81
AddressSanitizer: heap-buffer-overflow
READ of size 1
sun.c
Use CVE-2016-7518.
https://bugs.launchpad.net/bugs/1533445
https://github.com/ImageMagick/ImageMagick/issues/82
AddressSanitizer: heap-buffer-overflow
READ of size 1
rle.c
Use CVE-2016-7519.
heap overflow in hdr file handling:
Debian Bug: https://bugs.debian.org/832469
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537213
https://github.com/ImageMagick/ImageMagick/issues/90
https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
AddressSanitizer: heap-buffer-overflow
READ of size 1
Use CVE-2016-7520.
heap buffer overflow in psd file handling:
Debian Bug: https://bugs.debian.org/832474
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537418
https://github.com/ImageMagick/ImageMagick/issues/92
https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
AddressSanitizer: heap-buffer-overflow
READ of size 1
Use CVE-2016-7521.
out of bound access for malformed psd file:
Debian Bug: https://bugs.debian.org/832475
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537419
https://github.com/ImageMagick/ImageMagick/issues/93
https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
AddressSanitizer: heap-buffer-overflow
READ of size 2
Use CVE-2016-7522.
meta file out of bound access:
Debian Bug: https://bugs.debian.org/832478
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537420
https://github.com/ImageMagick/ImageMagick/issues/96
https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6
https://github.com/ImageMagick/ImageMagick/commit/5a34d7ac889bd6645f6cfd164636e3efb56dbb2f
We are not sure that we understand this set of references. bugs/1537420 does not link to issues/96. We will assign separate CVE IDs for these pairs of references:
https://bugs.launchpad.net/bugs/1537420
https://github.com/ImageMagick/ImageMagick/issues/94
AddressSanitizer: heap-buffer-overflow
READ of size 1
meta.c:496
Use CVE-2016-7523.
https://bugs.launchpad.net/bugs/1537422
https://github.com/ImageMagick/ImageMagick/issues/96
AddressSanitizer: heap-buffer-overflow
READ of size 1
meta.c:465
Use CVE-2016-7524.
heap buffer overflow in psd file coder:
Debian Bug: https://bugs.debian.org/832480
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537424
https://github.com/ImageMagick/ImageMagick/issues/98
https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
AddressSanitizer: heap-buffer-overflow
READ of size 1
Use CVE-2016-7525.
out of bound access in wpg file coder:
Debian Bug: https://bugs.debian.org/832482
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539050
https://bugs.launchpad.net/bugs/1542115
https://github.com/ImageMagick/ImageMagick/issues/102
https://github.com/ImageMagick/ImageMagick/issues/122
https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
We will assign separate CVE IDs for these subsets of the references:
https://bugs.launchpad.net/bugs/1539050
https://github.com/ImageMagick/ImageMagick/issues/102
https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
AddressSanitizer: heap-buffer-overflow
WRITE of size 2
Use CVE-2016-7526.
https://bugs.launchpad.net/bugs/1542115
https://github.com/ImageMagick/ImageMagick/issues/122
https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
AddressSanitizer: global-buffer-overflow
READ of size 4096
Use CVE-2016-7527.
out of bound access for viff file coder:
Debian Bug: https://bugs.debian.org/832483
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537425
https://github.com/ImageMagick/ImageMagick/issues/99
https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
AddressSanitizer: SEGV on unknown address
Use CVE-2016-7528.
out of bound access in xcf file coder:
Debian Bug: https://bugs.debian.org/832504
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539051
https://bugs.launchpad.net/bugs/1539052
https://github.com/ImageMagick/ImageMagick/issues/104
https://github.com/ImageMagick/ImageMagick/issues/103
https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
AddressSanitizer: heap-buffer-overflow
READ of size 1
Use CVE-2016-7529.
out of bound in quantum handling:
Debian Bug: https://bugs.debian.org/832506
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539067
https://bugs.launchpad.net/bugs/1539053
https://github.com/ImageMagick/ImageMagick/issues/105
https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
https://github.com/ImageMagick/ImageMagick/issues/110
https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
AddressSanitizer: heap-buffer-overflow
WRITE of size 1
Use CVE-2016-7530.
pbd file out of bound access:
Debian Bug: https://bugs.debian.org/832633
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539061
https://bugs.launchpad.net/bugs/1542112
https://github.com/ImageMagick/ImageMagick/issues/107
AddressSanitizer: heap-buffer-overflow
WRITE of size 28
WRITE of size 1
Use CVE-2016-7531.
Fix handling of corrupted psd file:
Debian Bug: https://bugs.debian.org/832776
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539066
https://github.com/ImageMagick/ImageMagick/issues/109
AddressSanitizer: heap-buffer-overflow
READ of size 5632
Use CVE-2016-7532.
wpg file out of bound for corrupted file:
Debian Bug: https://bugs.debian.org/832780
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1542114
https://github.com/ImageMagick/ImageMagick/issues/120
https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
AddressSanitizer: heap-buffer-overflow
READ of size 1
Use CVE-2016-7533.
out of bound access in generic decoder:
Debian Bug: https://bugs.debian.org/832785
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1542785
https://github.com/ImageMagick/ImageMagick/issues/126
https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
AddressSanitizer: heap-buffer-overflow
WRITE of size 2
Use CVE-2016-7534.
out of bound access for corrupted psd file:
Debian Bug: https://bugs.debian.org/832787
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1545180
https://github.com/ImageMagick/ImageMagick/issues/128
AddressSanitizer: heap-buffer-overflow
WRITE of size 1
Use CVE-2016-7535.
SEGV reported in corrupted profile handling:
Debian Bug: https://bugs.debian.org/832789
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1545367
https://github.com/ImageMagick/ImageMagick/issues/130
https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
AddressSanitizer: SEGV on unknown address
Use CVE-2016-7536.
out of bound access for corrupted pdb file:
Debian Bug: https://bugs.debian.org/832791
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1553366
https://github.com/ImageMagick/ImageMagick/issues/143
https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
AddressSanitizer: heap-buffer-overflow
READ of size 128
Use CVE-2016-7537.
SIGABRT for corrupted pdb file:
Debian Bug: https://bugs.debian.org/832793
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1556273
https://github.com/ImageMagick/ImageMagick/issues/148
https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
AddressSanitizer: heap-buffer-overflow
WRITE of size 65700
Use CVE-2016-7538.
DOS due to corrupted DDS files:
Debian Bug: https://bugs.debian.org/832944
Additional references:
----------------------
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
https://github.com/ImageMagick/ImageMagick/commit/93ab016764c7f787829d9065440d86f5609765110
This has a stray '9' character. It is supposed to be: https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110
https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4
Use CVE-2015-8959 for this entire coders/dds.c report from 2015.
DOS due to corrupted DDS files:
Debian Bug: https://bugs.debian.org/832942
Additional references:
----------------------
https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
Use CVE-2014-9907 for this entire coders/dds.c report from 2014.
potential DOS by not releasing memory:
Debian Bug: https://bugs.debian.org/833101
Additional references:
----------------------
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
Use CVE-2016-7539.
writing to rgf format aborts:
Debian Bug: https://bugs.debian.org/827643
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1594060
https://github.com/ImageMagick/ImageMagick/pull/223
Use CVE-2016-7540.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
