oss-sec mailing list archives
Re: CVE requests: three vulnerabilities in ImageMagick
From: Mohammad Tausif Siddiqui <msiddiqu () redhat com>
Date: Fri, 20 Dec 2019 13:11:08 +0530
Hi Galycannon, Whom did you request the CVE ? Please follow this: https://cve.mitre.org/cve/request_id.html On Thu, Dec 19, 2019 at 5:14 PM GalyCannon <galycannon () gmail com> wrote:
Hi, I have found three vulnerabilities in ImageMagick and all this have patched by ImageMagick developer team. However, I requested cve ids for these vulveribilities and get no any response. How should I request CVE ids for vulnerilities I found in ImageMagick now? Which CNA should I contact with to assign CVE ids for open source software such as imagemagick? The three vulnerabilities details as below. 1. heap-buffer-overflow in WritePNGImage of png.c [Suggested description] In ImageMagick 7.0.8-43 and ImageMagick6 6.9.10-43, there is a heap-buffer-overflow overflow in the function WritePNGImage of png.c , which allows remote attackers to cause arbitrary code execution, denial of service or possibly have unspecified other impact via a crafted image file . [Vendor of Product] https://imagemagick.org [Affected Component] function WritePNGImage of png.c [Attack Type] Remote [Attack Vectors] magick convert $poc ./test.png [Reference] https://github.com/ImageMagick/ImageMagick/issues/1561 https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 [Discoverer] galycannon of JDCloud Security Team 2. heap-buffer-overflow in WriteSGIImage of coders/sgi.c [Suggested description] In ImageMagick 7.0.8-43 and ImageMagick6 6.9.10-43, there is a heap-buffer-overflow overflow in the function WriteSGIImage of coders/sgi.c , which allows remote attackers to cause arbitrary code execution, denial of service or possibly have unspecified other impact via a crafted image file . [Vendor of Product] https://imagemagick.org [Affected Component] function WriteSGIImage of coders/sgi.c [Attack Type] Remote [Attack Vectors] magick convert $poc ./test.sgi [Reference] https://github.com/ImageMagick/ImageMagick/issues/1562 https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 [Discoverer] galycannon of JDCloud Security Team 3. heap-use-after-free in MngInfoDiscardObject of coders/png.c [Suggested description] In ImageMagick 7.0.9-7, there is a heap-use-after-free in function MngInfoDiscardObject of coders/png.c , which allows remote attackers to cause arbitrary code execution, denial of service or possibly have unspecified other impact via a crafted image file . [Vendor of Product] https://imagemagick.org [Affected Component] function MngInfoDiscardObject of coders/png.c [Attack Type] Remote [Attack Vectors] magick convert $poc /dev/null [Reference] https://github.com/ImageMagick/ImageMagick/issues/1791 https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c [Discoverer] galycannon of JDCloud Security Team Regards, galycannon
-- Tausif Siddiqui Red Hat Product Security 0EE1 F6BF 8991 9A65 0A79 A0A7 5849 60EC 88B8 2C71
Current thread:
- CVE requests: three vulnerabilities in ImageMagick GalyCannon (Dec 19)
- Re: CVE requests: three vulnerabilities in ImageMagick Mohammad Tausif Siddiqui (Dec 20)