Summary: | <media-gfx/imagemagick-6.9.7.9: Multiple Vulnerabilities (CVE-2017-{6497,6498,6499,6500,6501,6502}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-gfx/imagemagick-6.9.8.6
|
Runtime testing required: | --- |
Bug Depends on: | 625404 | ||
Bug Blocks: | 615230, 615984, 617912, 617922, 619000, 620922, 623198 |
Description
D'juan McDonald (domhnall)
2017-03-15 00:15:00 UTC
CVE-2017-6502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6502): An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). CVE-2017-6501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6501): An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. CVE-2017-6500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6500): An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. CVE-2017-6499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6499): An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). CVE-2017-6498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6498): An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. CVE-2017-6497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6497): An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). (In reply to GLSAMaker/CVETool Bot from comment #1) > CVE-2017-6502 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6502): > An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file > could lead to a file-descriptor leak in libmagickcore (thus, a DoS). Upstream bug: https://github.com/ImageMagick/ImageMagick/pull/382 Upstream patch: 126c7c98ea788241922c30df4a5633ea692cf8df > CVE-2017-6501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6501): > An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file > could lead to a NULL pointer dereference. Upstream bug: ? Upstream patch: d31fec57e9dfb0516deead2053a856e3c71e9751 > CVE-2017-6500 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6500): > An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file > triggers a heap-based buffer over-read. Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/375 & https://github.com/ImageMagick/ImageMagick/issues/376 Upstream patch: 3007531bfd326c5c1e29cd41d2cd80c166de8528 > CVE-2017-6499 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6499): > An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially > crafted file creating a nested exception could lead to a memory leak (thus, > a DoS). Upstream bug: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634 Upstream patch: 3358f060fc182551822576b2c0a8850faab5d543 > CVE-2017-6498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6498): > An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could > trigger assertion failures, thus leading to DoS. Upstream bug: https://github.com/ImageMagick/ImageMagick/pull/359 Upstream patch: 65f75a32a93ae4044c528a987a68366ecd4b46b9 > CVE-2017-6497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6497): > An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file > could lead to a NULL pointer dereference (thus, a DoS). Upstream bug: ? Upstream patch: 7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94 Fixes for all reported issues are available in at least 6.9.7.9 which is also available within Gentoo repository. @ Arches, please test and mark stable: =media-gfx/imagemagick-6.9.8.6 amd64 stable ppc stable x86 stable ppc64 stable arm stable Stable on alpha. sparc stable ia64 stable Superseded by bug 625404. Downgraded due to DoS. GLSA Vote: No |