| Summary: | <media-gfx/imagemagick-6.7.6.4 : multiple DoS (CVE-2012-{0259,0260,1610,1798}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/48679/ | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 409431 | | |

Description
Agostino Sarubbo
2012-04-05 12:10:33 UTC
6.7.6.4 in Portage. See also bug 409431.

Arches, please test and mark stable:
=media-gfx/imagemagick-6.7.6.4
Target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

x86 stable.

amd64 stable

arm stable

Jer, good catch on src_test, but test issue, does not block security bugs :)

(In reply to comment #6)
> Jer, good catch on src_test, but test issue, does not block security bugs :)

Then how am I supposed to run the test suite so I can consider marking this stable? Also, my name isn't Jer.

(In reply to comment #7)
> Then how am I supposed to run the test suite so I can consider marking this
> stable? Also, my name isn't Jer.

If the test is broken, do not care about it. So, FEATURES="-test" emerge wireshark

alpha/ia64/s390/sh/sparc stable

Stable for HPPA.

ppc done

ppc64 done

Thanks, folks. GLSA Vote: no.

CVE-2012-1798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1798): The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

CVE-2012-1610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1610): Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.

CVE-2012-0260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0260): The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

CVE-2012-0259 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0259): The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

NO too, closing.
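
The two GetEXIFProperty entries above (CVE-2012-0259, a zero component count, and CVE-2012-1610, an integer overflow from a large component count) both involve the count field of an EXIF IFD entry. The following C is an added example, not ImageMagick's code or its patch and not part of the original bug report: it validates one entry before any payload byte is read. The function names, return codes, the little-endian-only readers and the choice to reject a zero count outright are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Byte width of TIFF/EXIF data types 1..12 (index 0 is unused). */
static const uint8_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
enum { EXIF_OK, EXIF_BAD_TYPE, EXIF_ZERO_COUNT, EXIF_TOO_LARGE, EXIF_OUT_OF_BOUNDS };

/* Little-endian ("II") accessors; a big-endian blob needs the mirrored set. */
static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* Validate the 12-byte IFD entry (tag, type, count, value/offset) at `entry`
 * in a `len`-byte blob. On EXIF_OK, *nbytes is the payload size and *value
 * points at it. Offsets are taken relative to the start of the blob. */
int exif_entry_check(const uint8_t *exif, size_t len, size_t entry,
                     const uint8_t **value, size_t *nbytes)
{
    if (len < 12 || entry > len - 12)
        return EXIF_OUT_OF_BOUNDS;
    const uint8_t *e = exif + entry;
    uint32_t type = rd16(e + 2), count = rd32(e + 4);
    if (type == 0 || type > 12)
        return EXIF_BAD_TYPE;
    if (count == 0)                      /* no components: nothing to read */
        return EXIF_ZERO_COUNT;
    if (count > len / type_size[type])   /* count * size would wrap or overrun */
        return EXIF_TOO_LARGE;
    *nbytes = (size_t)count * type_size[type];
    *value = e + 8;                      /* payloads of <= 4 bytes are inline */
    if (*nbytes > 4) {
        uint32_t off = rd32(e + 8);
        if (off > len || *nbytes > len - off)
            return EXIF_OUT_OF_BOUNDS;
        *value = exif + off;
    }
    return EXIF_OK;
}

/* Constructed sample: 32-byte blob holding one XResolution-style entry at 8. */
int check_sample(uint8_t type, uint32_t count, uint32_t off)
{
    uint8_t b[32] = {0};
    const uint8_t *v; size_t n;
    b[8] = 0x1a; b[9] = 0x01; b[10] = type;   /* tag 0x011A, type code */
    wr32(b + 12, count);
    wr32(b + 16, off);
    return exif_entry_check(b, sizeof b, 8, &v, &n);
}
```

The count is compared against `len / type_size[type]` before the multiplication, so the size computation cannot wrap even where `size_t` is 32 bits wide.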