
Bug 596002 (CVE-2016-7799)

Summary: <media-gfx/imagemagick-6.9.6.2: global buffer overflow
Product: Gentoo Security
Reporter: Ian Zimmerman <nobrowser>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: graphics+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 596004    
Bug Blocks:    
Attachments:
Description Flags
patch for media-gfx/imagemagick-6.9.5.10 none

Description Ian Zimmerman 2016-10-03 03:09:24 UTC
According to the announcement on oss-security:

imagemagick identify suffers from a global buffer overflow issue, which I
reported and has been patched, you can find a reproducer in the GitHub bug
tracker issue link

issue:
https://github.com/ImageMagick/ImageMagick/issues/280

patch:
https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-10-11 09:04:12 UTC
Here is the patch for =media-gfx/imagemagick-6.9.5.10

>=media-gfx/imagemagick-6.9.6.1 have the patch included already.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-10-11 09:05:03 UTC
Created attachment 449830
patch for media-gfx/imagemagick-6.9.5.10
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-10-11 10:30:53 UTC
After further discussion with one of the package maintainers, they intend to stabilize >=media-gfx/imagemagick-6.9.6.2
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:45:40 UTC
This issue was resolved and addressed in
 GLSA 201611-21 at https://security.gentoo.org/glsa/201611-21
by GLSA coordinator Aaron Bauman (b-man).