631554 – <media-gfx/graphicsmagick-1.3.27: Out-of-bounds read in mat.c (CVE-2016-10070)

Bug 631554 - <media-gfx/graphicsmagick-1.3.27: Out-of-bounds read in mat.c (CVE-2016-10070)

Summary: <media-gfx/graphicsmagick-1.3.27: Out-of-bounds read in mat.c (CVE-2016-10070)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-09-20 17:44 UTC by GLSAMaker/CVETool Bot
Modified:	2018-03-26 01:43 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-09-20 17:44:27 UTC

CVE-2016-10070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10070):
  Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in
  ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of
  service (out-of-bounds read and application crash) via a crafted mat file.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-09-20 17:52:32 UTC

From http://www.graphicsmagick.org/Changelog.html:

> 2017-09-14 Bob Friesenhahn <bfriesen@...>
>
>     coders/mat.c (ReadMATImage): Fix CVE-2016-10070, which is a heap
>     overflow in the MAT reader due to an under-sized memory allocation.
>     Based on private email from Petr Gajdos on Mon, 11 Sep 2017.

Upstream patch: https://sourceforge.net/p/graphicsmagick/code/ci/a0e598438aa970f237fa9b35edce0728cc144f29/

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 01:18:34 UTC

@maintainer(s), please clean the vulnerable version from the tree.

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 01:43:13 UTC

cleanup will be tracked in bug #640690

GLSA Vote: No