Bug 843833 (CVE-2022-28463) - <media-gfx/imagemagick-{6.9.12.58,7.1.0.37}: heap buffer overflow
Summary: <media-gfx/imagemagick-{6.9.12.58,7.1.0.37}: heap buffer overflow
Status: IN_PROGRESS
Alias: CVE-2022-28463
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/ImageMagick/ImageM...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 866431
Blocks:
Reported: 2022-05-12 02:57 UTC by John Helmert III
Modified: 2022-10-02 19:34 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-12 02:57:44 UTC
CVE-2022-28463 (https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680):
https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Patch is in 6.9.12-44, 7.1.0-29.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 22:51:37 UTC
Bumped a while ago, please stabilize fixed versions
Comment 2 Larry the Git Cow gentoo-dev 2022-08-31 02:51:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=acd4cfe8e97a26fa5534a5468bfbdc4da4593362

commit acd4cfe8e97a26fa5534a5468bfbdc4da4593362
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-08-31 02:51:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-31 02:51:32 +0000

    media-gfx/imagemagick: drop 6.9.12.28, 6.9.12.58, 7.1.0.13, 7.1.0.43
    
    Bug: https://bugs.gentoo.org/852947
    Bug: https://bugs.gentoo.org/843833
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/imagemagick/Manifest                     |   4 -
 media-gfx/imagemagick/imagemagick-6.9.12.28.ebuild | 267 --------------------
 media-gfx/imagemagick/imagemagick-6.9.12.58.ebuild | 269 --------------------
 media-gfx/imagemagick/imagemagick-7.1.0.13.ebuild  | 274 --------------------
 media-gfx/imagemagick/imagemagick-7.1.0.43.ebuild  | 278 ---------------------
 5 files changed, 1092 deletions(-)
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2022-10-02 19:34:03 UTC
Nothing to do for me/us here anymore