Summary: | <media-gfx/graphicsmagick-1.3.35: Heap overflow in HuffmanDecodeImage (CVE-2020-10938) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/ | ||
See Also: | https://github.com/gentoo/gentoo/pull/15097 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =media-gfx/graphicsmagick-1.3.35 amd64 hppa ppc ppc64 sparc x86 | ||
Runtime testing required: | --- |

Patch: https://sourceforge.net/p/graphicsmagick/code/ci/95abc2b694ceb0866f8aae94849bdf4033272035/

I think this is actually fixed in 1.3.34.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf679ef6ae9930e258ee14b27c835179b35919aa

commit bf679ef6ae9930e258ee14b27c835179b35919aa
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-25 01:11:41 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-27 12:17:09 +0000

    media-gfx/graphicsmagick: Security bump to 1.3.35

    Looks like 1.3.34 is the first non-affected version but may as well bump to the latest, given it's getting a lot of fuzzing attention at the moment.

    Bug: https://bugs.gentoo.org/714240
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15097
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 media-gfx/graphicsmagick/Manifest | 1 +
 .../graphicsmagick/graphicsmagick-1.3.35.ebuild | 132 +++++++++++++++++++++
 2 files changed, 133 insertions(+)

(thanks for merging the PR).

@maintainer(s), please advise if ready for stabilisation, or call yourself.

CVE-2020-10938 (https://nvd.nist.gov/vuln/detail/CVE-2020-10938):

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

sparc stable

x86 stable

amd64 stable

hppa stable

ppc stable

ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd2d78d9616151e146b1db98de6eb26673e0f70e

commit dd2d78d9616151e146b1db98de6eb26673e0f70e
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-05-04 01:29:02 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-05-04 01:29:02 +0000

    media-gfx/graphicsmagick: drop vulnerable

    Bug: https://bugs.gentoo.org/714240
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 media-gfx/graphicsmagick/Manifest | 2 -
 .../graphicsmagick/graphicsmagick-1.3.32.ebuild | 132 ---------------------
 .../graphicsmagick/graphicsmagick-1.3.33.ebuild | 132 ---------------------
 3 files changed, 266 deletions(-)

Description:

"GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c."

Quote from ChangeLog:

>magick/compress.c (HuffmanDecodeImage): Fix signed overflow on
>range check which leads to heap overflow in 32-bit
>applications. Requires a relatively large file input compared with
>typical fuzzer files (greater than a megabyte) to trigger.
>Problem reported to the graphicsmagick-security mail address by
>Justin Tripp on 2019-11-13.
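
The bug class named in the ChangeLog entry above (a signed range check that overflows before the comparison) shown as an added C example beside an overflow-free form of the same check. This is not GraphicsMagick's code: the function names, the 1728-column row and the use of `int32_t` to model the 32-bit signed arithmetic of a 32-bit application are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a 32-bit signed add that wraps (two's complement). Real signed
 * overflow is undefined behaviour in C; unsigned arithmetic is used here
 * so the demonstration itself is well defined. */
static int32_t wrap_add32(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Weak form: the sum wraps negative for a huge count, so the check passes. */
bool run_fits_weak(int32_t x, int32_t count, int32_t columns)
{
    return wrap_add32(x, count) <= columns;
}

/* Hardened form: reject negatives, then compare without adding. */
bool run_fits_safe(int32_t x, int32_t count, int32_t columns)
{
    if (columns < 0 || x < 0 || count < 0 || x > columns)
        return false;
    return count <= columns - x;   /* columns - x is in [0, columns] */
}

/* Hypothetical run writer: only touches the row after the safe check. */
int fill_run(unsigned char *row, int32_t columns, int32_t x, int32_t count)
{
    if (!run_fits_safe(x, count, columns))
        return -1;                 /* corrupt input: refuse, do not write */
    memset(row + x, 1, (size_t)count);
    return 0;
}

int main(void)
{
    unsigned char row[1728] = {0};        /* constructed row width */
    int32_t x = 100, count = INT32_MAX;   /* constructed oversized run */

    printf("weak check accepts: %d\n", run_fits_weak(x, count, 1728));
    printf("safe check accepts: %d\n", run_fits_safe(x, count, 1728));
    printf("fill_run returns:   %d\n", fill_run(row, 1728, x, count));
    return 0;
}
```

On a 64-bit build the same addition done in a 64-bit type does not wrap for these values, which matches the ChangeLog's note that the heap overflow affects 32-bit applications.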