Bug 617912 (CVE-2017-8830) - <media-gfx/imagemagick-6.9.8.6: ReadBMPImage function in bmp.c:1379 Denial of Service
Status: RESOLVED FIXED
Alias: CVE-2017-8830
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2017-6497, CVE-2017-6498, CVE-2017-6499, CVE-2017-6500, CVE-2017-6501, CVE-2017-6502
Blocks:
Reported: 2017-05-09 01:09 UTC by Michael Boyle
Modified: 2017-09-17 20:55 UTC

See Also:
Package list:
Runtime testing required: ---


Description Michael Boyle 2017-05-09 01:09:33 UTC
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-22 16:56:41 UTC
Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/467

Upstream patch: e3c6338e3a1fe003abf581b5f99f20d94c520e7e

Fixed since upstream release v6.9.8-5 which is not yet available in Gentoo repository.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-23 09:18:51 UTC
Stabilization will happen in bug 612668
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2017-09-17 20:55:31 UTC
GLSA Vote: No