Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 643912 (CVE-2017-18022, CVE-2018-5246, CVE-2018-5247, CVE-2018-5248)

Summary: <media-gfx/imagemagick-{6.9.9.31,7.0.7.19}: Multiple memory leaks
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-08 16:18:01 UTC
CVE-2018-5248 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5248):
  In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in
  coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode
  function.

CVE-2018-5247 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5247):
  In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in
  coders/rla.c.

CVE-2018-5246 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5246):
  In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in
  coders/pattern.c.

CVE-2017-18022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18022):
  In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand
  in MagickWand/montage.c.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-04-21 19:18:59 UTC
This was done via bug 643560.