Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 614000 (CVE-2016-8678)

Summary: media-gfx/imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED CANTFIX    
Severity: minor CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/
Whiteboard: ~3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 602044    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2017-03-27 08:26:38 UTC
Details at $URL.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-03-31 04:44:38 UTC
CVE ID: CVE-2016-8678
   Summary: The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file.  NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
 Published: 2017-02-15T21:59:00.000Z
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-22 17:06:03 UTC
Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/272

Only affecting unsupported QuantumDepth=64 build.