Re: CVE requests: three vulnerabilities in ImageMagick

[Mohammad Tausif Siddiqui <msiddiqu () redhat com>]

Hi Galycannon,

Whom did you request the CVE ? Please follow this:
https://cve.mitre.org/cve/request_id.html

On Thu, Dec 19, 2019 at 5:14 PM GalyCannon <galycannon () gmail com> wrote:

> Hi,
>    I have found three vulnerabilities in ImageMagick and all this have
> patched by ImageMagick developer team. However, I requested cve ids for
> these vulveribilities and get no any response. How should I  request CVE
> ids for vulnerilities I found in ImageMagick now? Which CNA should I
> contact with to assign CVE ids for open source software such as
> imagemagick?
>    The three vulnerabilities details as below.
>     1. heap-buffer-overflow in WritePNGImage of png.c
> [Suggested description]
> In ImageMagick  7.0.8-43  and ImageMagick6  6.9.10-43, there is a
> heap-buffer-overflow overflow in the function WritePNGImage of png.c ,
> which allows remote attackers to cause  arbitrary code execution, denial of
> service or possibly have unspecified other impact via a crafted image file
> .
> [Vendor of Product]
> https://imagemagick.org
> [Affected Component]
> function WritePNGImage of png.c
> [Attack Type]
> Remote
> [Attack Vectors]
> magick convert $poc ./test.png
> [Reference]
> https://github.com/ImageMagick/ImageMagick/issues/1561
>
> https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce
>
>
> https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617
>
> [Discoverer]
> galycannon of JDCloud Security Team
>
>    2. heap-buffer-overflow in WriteSGIImage of coders/sgi.c
> [Suggested description]
> In ImageMagick  7.0.8-43  and ImageMagick6  6.9.10-43, there is a
> heap-buffer-overflow overflow in the function WriteSGIImage of coders/sgi.c
> , which allows remote attackers to cause  arbitrary code execution, denial
> of service or possibly have unspecified other impact via a crafted image
> file  .
> [Vendor of Product]
> https://imagemagick.org
> [Affected Component]
> function WriteSGIImage of coders/sgi.c
> [Attack Type]
> Remote
> [Attack Vectors]
> magick convert $poc ./test.sgi
> [Reference]
> https://github.com/ImageMagick/ImageMagick/issues/1562
>
> https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c
>
>
> https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54
>
> [Discoverer]
> galycannon of JDCloud Security Team
>
>  3. heap-use-after-free in MngInfoDiscardObject of coders/png.c
> [Suggested description]
> In ImageMagick   7.0.9-7, there is a heap-use-after-free in function
> MngInfoDiscardObject of coders/png.c , which allows remote attackers to
> cause  arbitrary code execution, denial of service or possibly have
> unspecified other impact via a crafted image file  .
> [Vendor of Product]
> https://imagemagick.org
> [Affected Component]
> function MngInfoDiscardObject of coders/png.c
> [Attack Type]
> Remote
> [Attack Vectors]
> magick convert $poc /dev/null
> [Reference]
> https://github.com/ImageMagick/ImageMagick/issues/1791
>
> https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c
>
> [Discoverer]
> galycannon of JDCloud Security Team
>
> Regards,
> galycannon


-- 

Tausif Siddiqui

Red Hat Product Security

0EE1 F6BF 8991 9A65 0A79  A0A7 5849 60EC 88B8 2C71