Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 614000 (CVE-2016-8678) - media-gfx/imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)
Summary: media-gfx/imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel...
Status: RESOLVED CANTFIX
Alias: CVE-2016-8678
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://blogs.gentoo.org/ago/2016/10/...
Whiteboard: ~3 [noglsa cve]
Keywords:
Depends on: 602044
Blocks:
  Show dependency tree
 
Reported: 2017-03-27 08:26 UTC by Agostino Sarubbo
Modified: 2017-09-17 21:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-03-27 08:26:38 UTC
Details at $URL.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-03-31 04:44:38 UTC
CVE ID: CVE-2016-8678
   Summary: The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file.  NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
 Published: 2017-02-15T21:59:00.000Z
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-05-22 17:06:03 UTC
Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/272

Only affecting unsupported QuantumDepth=64 build.