
Bug 629576 (CVE-2017-12691, CVE-2017-12692, CVE-2017-12693)

Summary: <media-gfx/imagemagick-{6.9.9.9,7.0.6.9}: Denial of Service via memory consumption (CVE-2017-{12691,12692,12693})
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2017-09-01 22:56:52 UTC
Description
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
Source:  MITRE      Last Modified:  09/01/2017

Description
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
Source:  MITRE      Last Modified:  09/01/2017

Description
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Source:  MITRE      Last Modified:  09/01/2017


Upstream Patch:

https://github.com/ImageMagick/ImageMagick/issues/653

https://github.com/ImageMagick/ImageMagick/issues/652

https://github.com/ImageMagick/ImageMagick/issues/656

Comment 3 D'juan McDonald (domhnall) 2017-11-05 19:04:40 UTC
Added to existing GLSA request.

Gentoo Security Padawan
(jmbailey/mbailey_j)

Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-11-11 14:17:43 UTC
This issue was resolved and addressed in GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07 by GLSA coordinator Aaron Bauman (b-man).