Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 651786 (CVE-2017-18250, CVE-2017-18251, CVE-2017-18252, CVE-2017-18253, CVE-2017-18254)

Summary: media-gfx/imagemagick: Multiple Vulnerabilities
Product: Gentoo Security Reporter: Michael Boyle <boylemic>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE    
Severity: normal CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3[ebuild]
Package list:
Runtime testing required: ---

Description Michael Boyle 2018-03-27 20:37:07 UTC 
CVE-2017-18254:
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. 

2017-18253:
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. 

2017-18252:
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. 

2017-18251:
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. 

2017-18250:
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
Comment 1 Michael Boyle 2018-03-28 02:47:35 UTC 
Fixes were placed in the 7.0.5 commit