Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 798939 (CVE-2021-34183) - media-gfx/imagemagick: memory leak (CVE-2021-34183)
Summary: media-gfx/imagemagick: memory leak (CVE-2021-34183)
Status: RESOLVED INVALID
Alias: CVE-2021-34183
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/ImageMagick/ImageM...
Whiteboard: B4 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-27 19:01 UTC by John Helmert III
Modified: 2021-08-07 17:22 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-27 19:01:22 UTC 
CVE-2021-34183:

ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.

From URL:
"As stated before we will fix the issue someday, maybe. And when/if we do that we will update this issue."
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:21:17 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:29:26 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:37:23 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:45:28 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:53:34 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:01:27 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:09:49 UTC 
Package list is empty or all packages have requested keywords.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-07 17:22:54 UTC 
Upstream says this isn't a real security issue, seems like a potential false positive leak. The "leaked" memory is in the *bytes* anyway, so extremely minimal impact.