
Bug 650992 (CVE-2018-10177, CVE-2018-6405, CVE-2018-6876, CVE-2018-6930, CVE-2018-7443, CVE-2018-7470, CVE-2018-8804, CVE-2018-8960, CVE-2018-9133, CVE-2018-9135)

Summary: <media-gfx/imagemagick-{6.9.9.40,7.0.7.28}: Multiple vulnerabilities (CVE-2018-{6405,6876,6930,7443,7470,8804,8960,9133,9135,10177})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: graphics+disabled
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa cve]
Package list: media-gfx/imagemagick-6.9.9.40 media-gfx/imagemagick-7.0.7.28
Runtime testing required: ---
Bug Depends on: 660826
Bug Blocks: 645366

Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-20 14:55:57 UTC
CVE-2018-8804 (https://nvd.nist.gov/vuln/detail/CVE-2018-8804):
  WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote
  attackers to cause a denial of service (MagickCore/memory.c double free and
  application crash) or possibly have unspecified other impact via a crafted
  file.

CVE-2018-7470 (https://nvd.nist.gov/vuln/detail/CVE-2018-7470):
  An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless
  function in coders/webp.c allows attackers to cause a denial of service
  (segmentation violation) via a crafted file.

CVE-2018-7443 (https://nvd.nist.gov/vuln/detail/CVE-2018-7443):
  The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does
  not properly validate the amount of image data in a file, which allows
  remote attackers to cause a denial of service (memory allocation failure in
  the AcquireMagickMemory function in MagickCore/memory.c).

CVE-2018-6930 (https://nvd.nist.gov/vuln/detail/CVE-2018-6930):
  A stack-based buffer over-read in the ComputeResizeImage function in the
  MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote
  attacker to cause a denial of service (application crash) via a maliciously
  crafted pict file.

CVE-2018-6405 (https://nvd.nist.gov/vuln/detail/CVE-2018-6405):
  In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23,
  each redmap, greenmap, and bluemap variable can be overwritten by a new
  pointer. The previous pointer is lost, which leads to a memory leak. This
  allows remote attackers to cause a denial of service.


@Maintainers, 7.0.7-27 is available, it may contain fixes for all of these.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2018-04-21 19:05:11 UTC
CVE-2018-9135 (https://nvd.nist.gov/vuln/detail/CVE-2018-9135):
  In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in
  IsWEBPImageLossless in coders/webp.c.

CVE-2018-9133 (https://nvd.nist.gov/vuln/detail/CVE-2018-9133):
  ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and
  EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of
  minutes) with a tiny PoC file. Remote attackers could leverage this
  vulnerability to cause a denial of service via a crafted tiff file.

CVE-2018-8960 (https://nvd.nist.gov/vuln/detail/CVE-2018-8960):
  The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does
  not properly restrict memory allocation, leading to a heap-based buffer
  over-read.

CVE-2018-6876 (https://nvd.nist.gov/vuln/detail/CVE-2018-6876):
  The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in
  ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to
  cause a denial of service (stack-based buffer under-read) via a crafted bmp
  image.

CVE-2018-10177 (https://nvd.nist.gov/vuln/detail/CVE-2018-10177):
  In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage
  function of the coders/png.c file. Remote attackers could leverage this
  vulnerability to cause a denial of service via a crafted mng file.
Comment 2 Larry the Git Cow gentoo-dev 2018-04-21 19:07:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91ceaef63a9a0768ffe6e130490915df7c3a77e7

commit 91ceaef63a9a0768ffe6e130490915df7c3a77e7
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-04-21 19:06:59 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-04-21 19:07:11 +0000

    media-gfx/imagemagick: Bump
    
    Bug: https://bugs.gentoo.org/650992
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 media-gfx/imagemagick/Manifest                    |   2 +
 media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 185 ++++++++++++++++++++++
 media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 185 ++++++++++++++++++++++
 3 files changed, 372 insertions(+)
Comment 3 Mart Raudsepp gentoo-dev 2018-04-21 20:59:12 UTC
arm64 doesn't have stable imagemagick..
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-04-22 01:07:16 UTC
x86 stopped stabilization due to bug 653752.
Comment 5 Matt Turner gentoo-dev 2018-04-22 23:31:06 UTC
alpha stable
Comment 6 Matt Turner gentoo-dev 2018-04-23 01:48:51 UTC
hppa stable
Comment 7 Matt Turner gentoo-dev 2018-04-23 02:21:11 UTC
ppc stable
Comment 8 Matt Turner gentoo-dev 2018-04-23 02:21:22 UTC
ppc64 stable
Comment 9 Larry the Git Cow gentoo-dev 2018-04-23 14:19:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7914548ae9309c21b44b3e2e81dfe95e392a0b91

commit 7914548ae9309c21b44b3e2e81dfe95e392a0b91
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-23 14:18:54 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-23 14:19:18 +0000

    media-gfx/imagemagick: amd64 stable wrt bug #650992
    
    Bug: https://bugs.gentoo.org/650992
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 2 +-
 media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 10 Thomas Deutschmann gentoo-dev Security 2018-04-23 19:42:02 UTC
Removing depending bug 653752, test failure only affects x86 and shouldn't block any other architecture from processing the stabilization request.
Comment 11 Larry the Git Cow gentoo-dev 2018-04-25 06:08:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c0de8cb50e8684e473f1e5147a083d32fc5ef21

commit 8c0de8cb50e8684e473f1e5147a083d32fc5ef21
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-25 05:20:42 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-25 06:08:35 +0000

    media-gfx/imagemagick: stable 7.0.7.28 for sparc
    
    Bug: https://bugs.gentoo.org/650992
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3f46c481149918b3f2cd9a1b004ac3fb0b2ea19

commit a3f46c481149918b3f2cd9a1b004ac3fb0b2ea19
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-25 05:19:14 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-25 06:08:35 +0000

    media-gfx/imagemagick: stable 6.9.9.40 for sparc
    
    Bug: https://bugs.gentoo.org/650992
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 12 Larry the Git Cow gentoo-dev 2018-04-27 06:13:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a0fd9d7cba387819e2a56b066a30079c753588b

commit 2a0fd9d7cba387819e2a56b066a30079c753588b
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-27 06:13:30 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-27 06:13:37 +0000

    media-gfx/imagemagick: stable 7.0.7.28 for ia64, bug #650992
    
    Bug: https://bugs.gentoo.org/650992
    Package-Manager: Portage-2.3.31, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-gfx/imagemagick/imagemagick-7.0.7.28.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8de500fee28ebcea09fe17deaf1325fcca023000

commit 8de500fee28ebcea09fe17deaf1325fcca023000
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-27 06:13:22 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-27 06:13:37 +0000

    media-gfx/imagemagick: stable 6.9.9.40 for ia64, bug #650992
    
    Bug: https://bugs.gentoo.org/650992
    Package-Manager: Portage-2.3.31, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-gfx/imagemagick/imagemagick-6.9.9.40.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 13 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-04-28 14:36:07 UTC
arm stable
Comment 14 Thomas Deutschmann gentoo-dev Security 2018-07-09 21:03:45 UTC
Superseded by bug 660826.