Bug 611360

Summary:	media-gfx/imagemagick: Heap out-of-bounds read in tiff.c (CVE-2017-6335)
Product:	Gentoo Security	Reporter:	Thomas Deutschmann (RETIRED) <whissi>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	minor	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/ImageMagick/ImageMagick/issues/391
Whiteboard:	B3 [noglsa cve]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	611356

Description Thomas Deutschmann (RETIRED) gentoo-dev

2017-03-02 00:22:13 UTC

ImageMagick encounter a read beyond an allocated heap buffer when reading CMYKA TIFF files which claim to offer fewer samples per pixel than required. A maliciously crafted file could cause the application to crash. Please see bug 611356 for details.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-05-22 17:03:28 UTC

Still unknown status.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-01-20 19:58:14 UTC

(In reply to Thomas Deutschmann from comment #1)
> Still unknown status.

Upstream commented on the Github page that they are not able to reproduce this based off the issue you opened.  They closed it out 20 days ago.

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2018-03-27 02:22:52 UTC

Not reproducible by upstream or myself.