Bug 631554

Summary:	<media-gfx/graphicsmagick-1.3.27: Out-of-bounds read in mat.c (CVE-2016-10070)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa cve]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2017-09-20 17:44:27 UTC

CVE-2016-10070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10070):
  Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in
  ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of
  service (out-of-bounds read and application crash) via a crafted mat file.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-09-20 17:52:32 UTC

From http://www.graphicsmagick.org/Changelog.html:

> 2017-09-14 Bob Friesenhahn <bfriesen@...>
>
>     coders/mat.c (ReadMATImage): Fix CVE-2016-10070, which is a heap
>     overflow in the MAT reader due to an under-sized memory allocation.
>     Based on private email from Petr Gajdos on Mon, 11 Sep 2017.

Upstream patch: https://sourceforge.net/p/graphicsmagick/code/ci/a0e598438aa970f237fa9b35edce0728cc144f29/

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 01:18:34 UTC

@maintainer(s), please clean the vulnerable version from the tree.

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 01:43:13 UTC

cleanup will be tracked in bug #640690

GLSA Vote: No