oss-sec mailing list archives

CVE requests: three vulnerabilities in ImageMagick


From: GalyCannon <galycannon () gmail com>
Date: Thu, 19 Dec 2019 11:26:09 +0800

Hi,
   I have found three vulnerabilities in ImageMagick, and all of them have been
patched by the ImageMagick developer team. However, I requested CVE IDs for
these vulnerabilities and got no response. How should I request CVE
IDs for vulnerabilities I found in ImageMagick now? Which CNA should I
contact to assign CVE IDs for open source software such as ImageMagick?
   The details of the three vulnerabilities are below.
    1. heap-buffer-overflow in WritePNGImage of png.c
[Suggested description]
In ImageMagick 7.0.8-43 and ImageMagick6 6.9.10-43, there is a
heap-buffer-overflow in the function WritePNGImage of png.c,
which allows remote attackers to cause arbitrary code execution, denial of
service or possibly have unspecified other impact via a crafted image file.
[Vendor of Product]
https://imagemagick.org
[Affected Component]
function WritePNGImage of png.c
[Attack Type]
Remote
[Attack Vectors]
magick convert $poc ./test.png
[Reference]
https://github.com/ImageMagick/ImageMagick/issues/1561
https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce

https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617

[Discoverer]
galycannon of JDCloud Security Team

    2. heap-buffer-overflow in WriteSGIImage of coders/sgi.c
[Suggested description]
In ImageMagick 7.0.8-43 and ImageMagick6 6.9.10-43, there is a
heap-buffer-overflow in the function WriteSGIImage of coders/sgi.c,
which allows remote attackers to cause arbitrary code execution, denial
of service or possibly have unspecified other impact via a crafted image
file.
[Vendor of Product]
https://imagemagick.org
[Affected Component]
function WriteSGIImage of coders/sgi.c
[Attack Type]
Remote
[Attack Vectors]
magick convert $poc ./test.sgi
[Reference]
https://github.com/ImageMagick/ImageMagick/issues/1562
https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c

https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54

[Discoverer]
galycannon of JDCloud Security Team

    3. heap-use-after-free in MngInfoDiscardObject of coders/png.c
[Suggested description]
In ImageMagick 7.0.9-7, there is a heap-use-after-free in function
MngInfoDiscardObject of coders/png.c, which allows remote attackers to
cause arbitrary code execution, denial of service or possibly have
unspecified other impact via a crafted image file.
[Vendor of Product]
https://imagemagick.org
[Affected Component]
function MngInfoDiscardObject of coders/png.c
[Attack Type]
Remote
[Attack Vectors]
magick convert $poc /dev/null
[Reference]
https://github.com/ImageMagick/ImageMagick/issues/1791
https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c

[Discoverer]
galycannon of JDCloud Security Team

Regards,
galycannon
