Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 617912 (CVE-2017-8830) - <media-gfx/imagemagick-6.9.8.6: ReadBMPImage function in bmp.c:1379 Denial of Service
Summary: <media-gfx/imagemagick-6.9.8.6: ReadBMPImage function in bmp.c:1379 Denial of...
Status: RESOLVED FIXED
Alias: CVE-2017-8830
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2017-6497, CVE-2017-6498, CVE-2017-6499, CVE-2017-6500, CVE-2017-6501, CVE-2017-6502
Blocks:
  Show dependency tree
 
Reported: 2017-05-09 01:09 UTC by Michael Boyle
Modified: 2017-09-17 20:55 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Boyle 2017-05-09 01:09:33 UTC
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-05-22 16:56:41 UTC
Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/467

Upstream patch: e3c6338e3a1fe003abf581b5f99f20d94c520e7e

Fixed since upstream release v6.9.8-5 which is not yet available in Gentoo repository.
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-05-23 09:18:51 UTC
Stabilization will happen in bug 612668
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-09-17 20:55:31 UTC
GLSA Vote: No