Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 596002 (CVE-2016-7799)

Summary: <media-gfx/imagemagick-6.9.6.2: global buffer overflow
Product: Gentoo Security Reporter: Ian Zimmerman <nobrowser>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 596004    
Bug Blocks:    
Attachments:
Description Flags
patch for media-gfx/imagemagick-6.9.5.10 none

Description Ian Zimmerman 2016-10-03 03:09:24 UTC
According to the announcement on oss-security:

imagemagick identify suffers of a global buffer overflow issue, which I
reported and has been patched, you can find a reproducer in the github bug
tracker issue link

issue:
https://github.com/ImageMagick/ImageMagick/issues/280

patch:
https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 09:04:12 UTC
Here is the patch for =media-gfx/imagemagick-6.9.5.10

>=media-gfx/imagemagick-6.9.6.1 have the patch included already.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 09:05:03 UTC
Created attachment 449830 [details, diff]
patch for media-gfx/imagemagick-6.9.5.10
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 10:30:53 UTC
After further discussion with one of the package maintainers they intend to stabilize >=media-gfx/imagemagick-6.9.6.2
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:45:40 UTC
This issue was resolved and addressed in
 GLSA 201611-21 at https://security.gentoo.org/glsa/201611-21
by GLSA coordinator Aaron Bauman (b-man).