Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 596002 (CVE-2016-7799) - <media-gfx/imagemagick-6.9.6.2: global buffer overflow
Summary: <media-gfx/imagemagick-6.9.6.2: global buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2016-7799
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
Depends on: CVE-2016-7906
Blocks:
  Show dependency tree
 
Reported: 2016-10-03 03:09 UTC by Ian Zimmerman
Modified: 2016-11-30 21:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
patch for media-gfx/imagemagick-6.9.5.10 (CVE-2016-7799.patch,491 bytes, patch)
2016-10-11 09:05 UTC, Aaron Bauman
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Zimmerman 2016-10-03 03:09:24 UTC
According to the announcement on oss-security:

imagemagick identify suffers of a global buffer overflow issue, which I
reported and has been patched, you can find a reproducer in the github bug
tracker issue link

issue:
https://github.com/ImageMagick/ImageMagick/issues/280

patch:
https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 09:04:12 UTC
Here is the patch for =media-gfx/imagemagick-6.9.5.10

>=media-gfx/imagemagick-6.9.6.1 have the patch included already.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 09:05:03 UTC
Created attachment 449830 [details, diff]
patch for media-gfx/imagemagick-6.9.5.10
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 10:30:53 UTC
After further discussion with one of the package maintainers they intend to stabilize >=media-gfx/imagemagick-6.9.6.2
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:45:40 UTC
This issue was resolved and addressed in
 GLSA 201611-21 at https://security.gentoo.org/glsa/201611-21
by GLSA coordinator Aaron Bauman (b-man).