Bug 615230 (CVE-2017-7619)

Summary:	<media-gfx/imagemagick-6.9.8.3: Infinite loop due to a floating-point rounding error in some of the color algorithms (CVE-2017-7619)
Product:	Gentoo Security	Reporter:	Michael Boyle <boylemic>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7619
Whiteboard:	B3 [noglsa cve]
Package list:		Runtime testing required:	---
Bug Depends on:	612668
Bug Blocks:

Description Michael Boyle 2017-04-11 03:36:00 UTC

In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-05-22 17:01:32 UTC

Upstream bug: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506

Upstream patch: 39f55031784edc08d8a428fefc8c4f9ec9e1f525


Fix available since upstream release v6.9.8.0. First version available within Gentoo repository containing the fix was 6.9.8.3

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-05-23 09:18:30 UTC

Stabilization will happen in bug 612668

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2017-09-17 20:50:26 UTC

No vulnerable versions left in tree.

GLSA Vote: No