626440 – (CVE-2017-11722) <media-gfx/graphicsmagick-1.3.27: The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (CVE-2017-11722)

Bug 626440 (CVE-2017-11722) - <media-gfx/graphicsmagick-1.3.27: The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (CVE-2017-11722)

Summary: <media-gfx/graphicsmagick-1.3.27: The WriteOnePNGImage function in coders/png...

Status:	RESOLVED FIXED

Alias:	CVE-2017-11722

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://hg.code.sf.net/p/graphicsmagic...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-07-28 14:25 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2018-03-26 01:37 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
CVE-2017-11722.patch (CVE-2017-11722.patch,1.41 KB, patch) 2017-08-25 23:24 UTC, Andrey Ovcharov	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-28 14:25:15 UTC

From URL:

Description
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.

References:

http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-08-22 20:57:43 UTC

@Security

The bug was already fixed by upstream. The only affected version was non-stable so dropped to ~3, we only need to add CVE.

Thanks

Gentoo Security Padawan
ChrisADR

Comment 2 Andrey Ovcharov 2017-08-25 23:24:16 UTC

Created attachment 490598 [details, diff]
CVE-2017-11722.patch

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-09-20 17:32:44 UTC

@Security please add CVE before closing the report.

Gentoo Security Padawan
ChrisADR

Comment 4 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-09-24 18:40:00 UTC

Re-opening:

WriteOnePNGImage is also affected in Graphicsmagick 1.3.25 which is stable. Reassigning B3 to Whiteboard and PR with the patch and the new revision added to the tree.

@Maintainers please excuse the confusion and the possible problems originated by my mistake with this report. In the case you accept the proposed PR, please call for stabilization when ready or let us know.

PS: The same patch could apply to 1.3.26 while waiting for the next official release. 


PR:
https://github.com/gentoo/gentoo/pull/5786

Gentoo Security Padawan
ChrisADR

Comment 5 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 00:24:16 UTC

@maintainer(s), please clean the vulnerable version from the tree.

Comment 6 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 01:37:07 UTC

cleanup will be tracked in bug #640690

GLSA Vote: No