Bug 645366 (CVE-2017-18027, CVE-2017-18028, CVE-2017-18029, CVE-2018-5357, CVE-2018-5358)

Summary:	<media-gfx/imagemagick-{6.9.9.40,7.0.7.28}: Multiple memory leaks
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [noglsa cve]
Package list:		Runtime testing required:	---
Bug Depends on:	650992
Bug Blocks:

Description GLSAMaker/CVETool Bot gentoo-dev

2018-01-22 14:47:47 UTC

CVE-2018-5358 (https://nvd.nist.gov/vuln/detail/CVE-2018-5358):
  ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes
  function in coders/json.c, as demonstrated by the ReadPSDLayersInternal
  function in coders/psd.c.

CVE-2018-5357 (https://nvd.nist.gov/vuln/detail/CVE-2018-5357):
  ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in
  coders/dcm.c.

CVE-2017-18029 (https://nvd.nist.gov/vuln/detail/CVE-2017-18029):
  In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the
  function ReadMATImage in coders/mat.c, which allow remote attackers to cause
  a denial of service via a crafted file.

CVE-2017-18028 (https://nvd.nist.gov/vuln/detail/CVE-2017-18028):
  In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in
  the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to
  cause a denial of service via a crafted file.

CVE-2017-18027 (https://nvd.nist.gov/vuln/detail/CVE-2017-18027):
  In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the
  function ReadMATImage in coders/mat.c, which allow remote attackers to cause
  a denial of service via a crafted file.