| Summary: | <media-gfx/imagemagick-6.9.5.5: Integer overflow in MagickCore/profile.c | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Ian Zimmerman <nobrowser> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | graphics+disabled, zx2c4 |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5841 | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Ian Zimmerman
2016-09-12 03:26:42 UTC
I am not seeing any code base similair to this in 6.9.6.2. The same functions and values are integers in the vulnerable code vice shorts as seen in 6.9.6.2. @zx2c4, could you take a look please? If it doesn't apply cleanly, just backport the codeblocks that have the comment "Corrupt EXIF". I saw 4 places. I'm not sure if the integer casting reworking of the earlier part actually fix a vulnerability, but if they do, it means the problem is much deeper, since miscomputing read values of an input file shouldn't wind up in a vulnerability no matter what. Alternatively, wait for ImageMagick to provide the backport or new release. When this bug was filed this was already backported, see https://github.com/ImageMagick/ImageMagick/commit/070d7f8a59b1516b166826cb25ac5556968dec84 $ git tag --contains 070d7f8a59b1516b166826cb25ac5556968dec84 | sort 6.9.4-10 6.9.5-0 6.9.5-1 [...] First version which landed in Gentoo repository containing the fix was v 6.9.5.5. First able version is =media-gfx/imagemagick-6.9.5.10. No vulnerable version left in repository. @ Security: Please vote! GLSA Vote: No |
