Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 682396 (CVE-2019-10714)

Summary: <media-gfx/imagemagick-7.0.8.36: out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1695477
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2019-04-03 08:47:24 UTC 
From ${URL} :

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. 

Reference:
https://github.com/ImageMagick/ImageMagick/issues/1495

Upstream commits:
https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36
https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c
https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a


@security: please check if this issue needs a GLSA.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-19 02:52:23 UTC 
Maintainers, please clean vulnerable versions.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2020-04-16 07:26:35 UTC 
Thank you all for you work. 
Closing as [noglsa].