Bug 643912 (CVE-2017-18022, CVE-2018-5246, CVE-2018-5247, CVE-2018-5248)

Summary: <media-gfx/imagemagick-{6.9.9.31,7.0.7.19}: Multiple memory leaks
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: graphics+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B4 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-08 16:18:01 UTC
CVE-2018-5248 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5248):
  In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in
  coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode
  function.

CVE-2018-5247 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5247):
  In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in
  coders/rla.c.

CVE-2018-5246 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5246):
  In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in
  coders/pattern.c.

CVE-2017-18022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18022):
  In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand
  in MagickWand/montage.c.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-04-21 19:18:59 UTC
This was done via bug 643560.