Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 623198 (CVE-2017-9439, CVE-2017-9440) - <media-gfx/imagemagick-{6.9.8.6,7.0.5.7}: Multiple vulnerabilities (CVE-2017-{9439,9440,9499,9500,9501})
Summary: <media-gfx/imagemagick-{6.9.8.6,7.0.5.7}: Multiple vulnerabilities (CVE-2017-...
Status: RESOLVED FIXED
Alias: CVE-2017-9439, CVE-2017-9440
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2017-6497, CVE-2017-6498, CVE-2017-6499, CVE-2017-6500, CVE-2017-6501, CVE-2017-6502
Blocks:
  Show dependency tree
 
Reported: 2017-06-30 20:12 UTC by Volkan
Modified: 2017-09-17 20:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Volkan 2017-06-30 20:12:40 UTC
CVE-2017-9439
In ImageMagick a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.

Upstream issue:

https://github.com/ImageMagick/ImageMagick/issues/460

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
--------------------------------------------------------------------------------
CVE-2017-9440
In ImageMagick a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.

Upstream issue:

https://github.com/ImageMagick/ImageMagick/issues/462

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/d4e8b9722577547177a2daecee98ea9e5fe54968
Comment 1 Volkan 2017-06-30 20:23:40 UTC
CVE-2017-9499
In ImageMagick an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.

Upstream issue:

https://github.com/ImageMagick/ImageMagick/issues/492

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44
--------------------------------------------------------------------------------
CVE-2017-9500
In ImageMagick an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.

Upstream issue:

https://github.com/ImageMagick/ImageMagick/issues/500

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
-------------------------------------------------------------------------------
CVE-2017-9501
In ImageMagick an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.

Upstream issue:

https://github.com/ImageMagick/ImageMagick/issues/491

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-07-16 00:33:08 UTC
@maintainer(s), please remove the vulnerable versions.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-09-17 20:57:24 UTC
GLSA Vote: No