From secunia security advisory at $URL: Description Multiple vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with a components count of 0 can be exploited to access uninitialised or invalid memory via a specially crafted JPEG image. The vulnerability is reported in version 6.7.6-2 and prior. 2) Insufficient validation in the "JPEGWarningHandler()" function (coders/jpeg.c) when handling JPEG restart markers may exhaust resources via a specially crafted JPEG image. The vulnerability is reported in version 6.7.6-2 and prior. 3) An error in the "TIFFGetEXIFProperties()" function (coders/tiff.c) when parsing TIFF EXIF IFD may cause invalid memory to be read via a specially crafted TIFF image. The vulnerability is reported in version 6.7.6-2 and prior. 4) An integer overflow error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with an overly large components count may result in invalid heap memory being read. A similar error exists in the "SyncImageProfiles()" function (magick/profile.c). The vulnerability is reported in versions prior to 6.7.6-4. Solution Update to version 6.7.6-4 or apply patches.
6.7.6.4 in Portage. See also bug 409431.
Arches, please test and mark stable: =media-gfx/imagemagick-6.7.6.4 Target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
x86 stable.
amd64 stable
arm stable
Jer, good catch on src_test, but test issue, does not block security bugs :)
(In reply to comment #6) > Jer, good catch on src_test, but test issue, does not block security bugs :) Then how am I supposed to run the test suite so I can consider marking this stable? Also, my name isn't Jer.
(In reply to comment #7) > Then how am I supposed to run the test suite so I can consider marking this > stable? Also, my name isn't Jer. if the test is broken, do not care of it. So, FEATURES="-test" emerge wireshark
alpha/ia64/s390/sh/sparc stable
Stable for HPPA.
ppc done
ppc64 done
Thanks, folks. GLSA Vote: no.
CVE-2012-1798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1798): The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. CVE-2012-1610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1610): Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. CVE-2012-0260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0260): The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. CVE-2012-0259 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0259): The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
NO too, closing.
