
Bug 271502 (CVE-2009-1882)

Summary: <media-gfx/imagemagick-6.5.2.9 XMakeImage() Integer Overflow Vulnerability (CVE-2009-1882)
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Robert Buchholz (RETIRED) <rbu>
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: graphics+disabled
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/35216/
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Attachments: imagemagick-r513.patch (flags: none)

Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-28 09:56:42 UTC
From Secunia:

Tielei Wang has discovered a vulnerability in ImageMagick, which can
be exploited by malicious people to potentially compromise a user's
system.

The vulnerability is caused due to an integer overflow error within
the "XMakeImage()" function in magick/xwindow.c. This can be
exploited to cause a buffer overflow via e.g. a specially crafted
TIFF file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 6.5.2-8. Prior versions may
also be affected.

SOLUTION:
Update to version 6.5.2-9.

PROVIDED AND/OR DISCOVERED BY:
Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
Security, Institute of Computer Science and Technology, Peking
University)
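
Added example, not part of the original report and not ImageMagick's code or the attached patch: the bug class the advisory names, shown on the assumption that the overflow occurs in an image-buffer size calculation (the page does not show the affected code). The function names, the constructed dimensions and the 256 MiB cap are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024) /* assumed policy cap */

/* Unchecked: 32-bit product wraps modulo 2^32, so large dimensions
 * can produce a small byte count and an undersized allocation. */
static uint32_t unchecked_image_bytes(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked: returns 0 and stores the size in *out, or -1 when a
 * dimension is zero or the true product exceeds MAX_IMAGE_BYTES. */
static int checked_image_bytes(uint32_t w, uint32_t h, uint32_t bpp,
                               size_t *out)
{
    size_t row;
    if (w == 0 || h == 0 || bpp == 0)
        return -1;
    if (w > MAX_IMAGE_BYTES / bpp)      /* w * bpp would pass the cap */
        return -1;
    row = (size_t)w * bpp;
    if (h > MAX_IMAGE_BYTES / row)      /* row * h would pass the cap */
        return -1;
    *out = row * h;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size check passes. */
static void *alloc_image(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t bytes;
    if (checked_image_bytes(w, h, bpp, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed dimensions: the true size is about 16 GiB. */
    uint32_t w = 0x10000u, h = 0x10001u, bpp = 4;
    void *p = alloc_image(w, h, bpp);
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_image_bytes(w, h, bpp));
    printf("checked alloc : %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the constructed dimensions the unchecked product wraps to 262144 bytes, while the checked path refuses the allocation.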
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-05-28 10:23:06 UTC
Created attachment 192692
imagemagick-r513.patch

Most of the changes in the commit seem unrelated... yay!
Comment 2 Markus Meier gentoo-dev 2009-05-29 05:36:03 UTC
bumped to 6.5.2.9, which should fix this issue.

+*imagemagick-6.5.2.9 (29 May 2009)
+
+  29 May 2009; Markus Meier <maekke@gentoo.org> +imagemagick-6.5.2.9.ebuild:
+  version bump wrt security bug #271502
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-05-29 10:33:12 UTC
Arches, please test and mark stable:
=media-gfx/imagemagick-6.5.2.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2009-05-29 11:14:17 UTC
x86 stable
Comment 5 Ferris McCormick (RETIRED) gentoo-dev 2009-05-29 13:37:56 UTC
Sparc stable.
Comment 6 Brent Baude (RETIRED) gentoo-dev 2009-05-30 13:32:37 UTC
ppc64 done
Comment 7 Brent Baude (RETIRED) gentoo-dev 2009-05-30 13:32:43 UTC
ppc done
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-31 14:51:54 UTC
Readding x86:
  DEPEND.bad                    2
   media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/linux/x86) ['>=sys-devel/gcc-4.3.0[openmp]']
   media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/x86) ['>=sys-devel/gcc-4.3.0[openmp]']


Stable for HPPA.
Comment 9 Markus Meier gentoo-dev 2009-05-31 15:51:18 UTC
amd64 stable
Comment 10 Markus Meier gentoo-dev 2009-05-31 15:52:30 UTC
(In reply to comment #8)
> Readding x86:
>   DEPEND.bad                    2
>    media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/linux/x86)
> ['>=sys-devel/gcc-4.3.0[openmp]']
>    media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/x86)
> ['>=sys-devel/gcc-4.3.0[openmp]']

fixed, thanks.
Comment 11 Tobias Klausmann (RETIRED) gentoo-dev 2009-06-02 18:16:53 UTC
Stable on alpha. 
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2009-06-03 18:15:20 UTC
All arches done, GLSA request filed.
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2009-06-04 17:33:06 UTC
arm/ia64/s390/sh stable
Comment 14 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-05 09:41:18 UTC
CVE-2009-1882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1882):
  Integer overflow in the XMakeImage function in magick/xwindow.c in
  ImageMagick 6.5.2-8 allows remote attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via a crafted
  TIFF file, which triggers a buffer overflow.  NOTE: some of these
  details are obtained from third party information.
Comment 15 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-06-01 15:44:56 UTC
GLSA 201006-03