682396 – (CVE-2019-10714) <media-gfx/imagemagick-7.0.8.36: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV

Bug 682396 (CVE-2019-10714) - <media-gfx/imagemagick-7.0.8.36: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV

Summary: <media-gfx/imagemagick-7.0.8.36: out-of-bounds access in function LocaleLower...

Status:	RESOLVED FIXED

Alias:	CVE-2019-10714

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2019-04-03 08:47 UTC by Agostino Sarubbo
Modified:	2020-04-16 07:26 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2019-04-03 08:47:24 UTC

From ${URL} :

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. 

Reference:
https://github.com/ImageMagick/ImageMagick/issues/1495

Upstream commits:
https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36
https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c
https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a


@security: please check if this issue needs a GLSA.

Comment 1 Yury German Gentoo Infrastructure

2019-04-19 02:52:23 UTC

Maintainers, please clean vulnerable versions.

Comment 2 Yury German Gentoo Infrastructure

2020-04-16 07:26:35 UTC

Thank you all for you work. 
Closing as [noglsa].