Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 617920 (CVE-2017-7275) - media-gfx/imagemagick: memory allocation denial of service in coders/pcx.c (CVE-2017-7275)
Summary: media-gfx/imagemagick: memory allocation denial of service in coders/pcx.c (...
Alias: CVE-2017-7275
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa cve]
Depends on:
Reported: 2017-05-09 04:39 UTC by GLSAMaker/CVETool Bot
Modified: 2017-09-17 21:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-09 04:39:46 UTC
CVE-2017-7275 (
  The ReadPCXImage function in coders/pcx.c in ImageMagick allows
  remote attackers to cause a denial of service (attempted large memory
  allocation and application crash) via a crafted file. NOTE: this
  vulnerability exists because of an incomplete fix for CVE-2016-8862 and
Comment 2 Thomas Deutschmann gentoo-dev Security 2017-05-22 16:54:59 UTC
Upstream is unable to reproduce.

Upstream tried further mitigation via commit d94d85622f120f82240921ae7a83a72afcb79ddf which is available since v6.9.6-6 (current stable version in Gentoo is
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2017-09-05 05:02:19 UTC
Issue pending closure on upstream. AJSAN issue. 

You are getting an allocation error because the size of the colormap is ridiculous high. On our systems we can allocate this but it then fails at a later moment.