Re: Re: GraphicsMagick heap out of bounds write issue

[Bob Friesenhahn <bfriesen () simple dallas tx us>]

This problem has been issued CVE-2017-6335.

The original reporter has tried to post CVE-assignment information to 
the list but the mail has not made it through yet.

Bob

On Fri, 24 Feb 2017, Bob Friesenhahn wrote:

> I would like to ammend this report in that the situation is a read beyond an 
> allocated heap buffer rather than a write beyond the end of an allocated heap 
> buffer as was originally reported.  The application may crash but should not 
> be otherwise compromised.
>
> Bob
>
> On Thu, 23 Feb 2017, Bob Friesenhahn wrote:
>
> > GraphicsMagick versions up to 1.3.25 encounter a write beyond an allocated 
> > heap buffer when reading CMYKA TIFF files which claim to offer fewer 
> > samples per pixel than required.
> >
> > This is the tiffinfo description of the problematic TIFF file:
> >
> > TIFF Directory at offset 0x808 (2056)
> >  Image Width: 34 Image Length: 48
> >  Bits/Sample: 8
> >  Sample Format: unsigned integer
> >  Compression Scheme: None
> >  Photometric Interpretation: separated
> >  Extra Samples: 1<unassoc-alpha>
> >  Orientation: row 0 top, col 0 lhs
> >  Samples/Pixel: 2
> >  Rows/Strip: 32
> >  Planar Configuration: single image plane
> >
> > The fix for this is Mercurial changeset 14998:6156b4c2992d which may be 
> > viewed at SourceForge via this link:
> >
> > https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
> >
> > A minimal patch to correct the problem is attached.
> >
> > This issue was reported to us on February 15, 2017 by Valon Chu.
> >
> > Bob

--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/