
Bug 798939 (CVE-2021-34183)

Summary: media-gfx/imagemagick: memory leak (CVE-2021-34183)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor
CC: codec, dilfridge
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/ImageMagick/ImageMagick/issues/3767
Whiteboard: B4 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-27 19:01:22 UTC
CVE-2021-34183:

ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.

From URL:
"As stated before we will fix the issue someday, maybe. And when/if we do that we will update this issue."
Comment 7 NATTkA bot gentoo-dev Security 2021-07-29 18:09:49 UTC
Package list is empty or all packages have requested keywords.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-07 17:22:54 UTC
Upstream says this isn't a real security issue, seems like a potential false positive leak. The "leaked" memory is in the *bytes* anyway, so extremely minimal impact.