624872 – (CVE-2017-11141) <media-gfx/imagemagick-7.0.5.6: memory exhaustion in ReadMATImage

Bug 624872 (CVE-2017-11141) - <media-gfx/imagemagick-7.0.5.6: memory exhaustion in ReadMATImage

Summary: <media-gfx/imagemagick-7.0.5.6: memory exhaustion in ReadMATImage

Status:	RESOLVED FIXED

Alias:	CVE-2017-11141

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://www.cvedetails.com/cve/CVE-20...
Whiteboard:	~3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-07-13 13:56 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2017-09-17 21:38 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-13 13:56:43 UTC

From $URL:

The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.	

References:

http://www.securityfocus.com/bid/99506
https://github.com/ImageMagick/ImageMagick/issues/469 

@Maintainers: Hi, could you please review the upstream and see if it affects any of tree's versions?

thanks

Comment 1 D'juan McDonald (domhnall) 2017-07-30 04:18:23 UTC

Hi Chris, seems this bug is old but a possible adjustment of the title might be required to match what upstream used for the CVE.

"CVE-2017-11141 memory exhaustion in ReadMATImage"

pulled from: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868264

Comment 2 D'juan McDonald (domhnall) 2017-07-30 04:23:47 UTC

Seems they have various descriptions for the CVE.

"ImageMagick CVE-2017-11141 Denial of Service Vulnerability"

Pulled from: http://www.securityfocus.com/bid/99506