
Bug 617912 (CVE-2017-8830)

Summary: <media-gfx/imagemagick-6.9.8.6: ReadBMPImage function in bmp.c:1379 Denial of Service
Product: Gentoo Security Reporter: Michael Boyle <boylemic>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 612668    
Bug Blocks:    

Description Michael Boyle 2017-05-09 01:09:33 UTC
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-22 16:56:41 UTC
Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/467

Upstream patch: e3c6338e3a1fe003abf581b5f99f20d94c520e7e

Fixed since upstream release v6.9.8-5, which is not yet available in the Gentoo repository.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-23 09:18:51 UTC
Stabilization will happen in bug 612668
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2017-09-17 20:55:31 UTC
GLSA Vote: No