Summary: | <media-gfx/imagemagick-{6.9.9.5,7.0.6.5}: Multiple Vulnerabilities (memory leak/exhaustion) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/ImageMagick/ImageMagick/issues?page=3&q=is%3Aissue+is%3Aclosed | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2017-09-05 03:47:44 UTC
CVE-2017-14139 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14139): ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. CVE-2017-14138 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14138): ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. CVE-2017-14137 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14137): ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. n repository since https://github.com/gentoo/gentoo/commit/e1658f8bb1511ac66fe7dc2a1d00cfae4be4f43a#diff-c3da9b5318c1a67d6927fb8032d46fe5 This issue was resolved and addressed in GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07 by GLSA coordinator Aaron Bauman (b-man). |