CVE-2020-12672 (https://nvd.nist.gov/vuln/detail/CVE-2020-12672): GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
Patch for CVE-2020-12672: http://hg.code.sf.net/p/graphicsmagick/code/rev/50395430a371

Note that there are more issues (unrelated):
* http://hg.code.sf.net/p/graphicsmagick/code/rev/83b4d2b4b873 "Terminate reading when a pixel cache resource limit is hit rather than moving on to heap buffer overflow. Fixes oss-fuzz 20045, 20318, 21956"
* http://hg.code.sf.net/p/graphicsmagick/code/rev/b0aa53a5f970 "Heap-buffer-overflow in ImportGrayQuantumType" and oss-fuzz, "Heap-buffer-overflow in InsertRow" which are both from the same cause.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba6698e39be1eeb5fb0c06a89e8dcf239b5a19f2

commit ba6698e39be1eeb5fb0c06a89e8dcf239b5a19f2
Author: Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-06-08 07:40:04 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-17 01:26:26 +0000

    media-gfx/graphicsmagick: Security bump

    Patches the following:
    - CVE-2020-12672
    * oss-fuzz
    ** 20045
    ** 20318
    ** 21956
    ** 23042

    Bug: https://bugs.gentoo.org/721328
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/16126
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../graphicsmagick-1.3.35-CVE-2020-12672.patch | 67 ++++++++++
 ...smagick-1.3.35-oss-fuzz-20045-20318-21956.patch | 38 ++++++
 .../graphicsmagick-1.3.35-oss-fuzz-23042.patch | 42 +++++++
 .../graphicsmagick/graphicsmagick-1.3.35-r1.ebuild | 135 +++++++++++++++++++++
 4 files changed, 282 insertions(+)
sparc stable
hppa stable
x86 stable
ppc stable
ppc64 stable
amd64 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d49866d88da06c77112cd72428cde187d5917c75

commit d49866d88da06c77112cd72428cde187d5917c75
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-07-16 00:25:06 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-07-16 01:01:31 +0000

    media-gfx/graphicsmagick: security cleanup

    Bug: https://bugs.gentoo.org/721328
    Package-Manager: Portage-2.3.99, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 .../graphicsmagick/graphicsmagick-1.3.35.ebuild | 132 ---------------------
 1 file changed, 132 deletions(-)
Unable to check for sanity:

> no match for package: media-gfx/graphicsmagick-1.3.35-r1
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=fb22bd14741ad3acda080e6d1e9e232492931833

commit fb22bd14741ad3acda080e6d1e9e232492931833
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-29 14:22:18 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-29 14:48:00 +0000

    [ GLSA 202209-19 ] GraphicsMagick: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/721328
    Bug: https://bugs.gentoo.org/836283
    Bug: https://bugs.gentoo.org/873367
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-19.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
GLSA released, all done!