Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 615230 (CVE-2017-7619) - <media-gfx/imagemagick-6.9.8.3: Infinite loop due to a floating-point rounding error in some of the color algorithms (CVE-2017-7619)
Summary: <media-gfx/imagemagick-6.9.8.3: Infinite loop due to a floating-point roundin...
Status: RESOLVED FIXED
Alias: CVE-2017-7619
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2017-6497, CVE-2017-6498, CVE-2017-6499, CVE-2017-6500, CVE-2017-6501, CVE-2017-6502
Blocks:
  Show dependency tree
 
Reported: 2017-04-11 03:36 UTC by Michael Boyle
Modified: 2017-09-17 20:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Boyle 2017-04-11 03:36:00 UTC
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-05-22 17:01:32 UTC
Upstream bug: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506

Upstream patch: 39f55031784edc08d8a428fefc8c4f9ec9e1f525


Fix available since upstream release v6.9.8.0. First version available within Gentoo repository containing the fix was 6.9.8.3
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-05-23 09:18:30 UTC
Stabilization will happen in bug 612668
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-09-17 20:50:26 UTC
No vulnerable versions left in tree.

GLSA Vote: No