Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 271502 (CVE-2009-1882) - <media-gfx/imagemagick-6.5.2.9 XMakeImage() Integer Overflow Vulnerability (CVE-2009-1882)
Summary: <media-gfx/imagemagick-6.5.2.9 XMakeImage() Integer Overflow Vulnerability (C...
Status: RESOLVED FIXED
Alias: CVE-2009-1882
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/35216/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-28 09:56 UTC by Robert Buchholz (RETIRED)
Modified: 2010-06-01 15:44 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
imagemagick-r513.patch (imagemagick-r513.patch,18.19 KB, patch)
2009-05-28 10:23 UTC, Robert Buchholz (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-28 09:56:42 UTC
From Secunia:

Tielei Wang has discovered a vulnerability in ImageMagick, which can
be exploited by malicious people to potentially compromise a user's
system.

The vulnerability is caused due to an integer overflow error within
the "XMakeImage()" function in magick/xwindow.c. This can be
exploited to cause a buffer overflow via e.g. a specially crafted
TIFF file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 6.5.2-8. Prior versions may
also be affected.

SOLUTION:
Update to version 6.5.2-9.

PROVIDED AND/OR DISCOVERED BY:
Tielei Wang, ICST-ERCIS (Engineering Research Center of Info
Security, Institute of Computer Science and Technology, Peking
University)
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-05-28 10:23:06 UTC
Created attachment 192692 [details, diff]
imagemagick-r513.patch

Most of the changes in the commit seem unrelated... yay!
Comment 2 Markus Meier gentoo-dev 2009-05-29 05:36:03 UTC
bumped to 6.5.2.9, which should fix this issue.

+*imagemagick-6.5.2.9 (29 May 2009)
+
+  29 May 2009; Markus Meier <maekke@gentoo.org> +imagemagick-6.5.2.9.ebuild:
+  version bump wrt security bug #271502
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-05-29 10:33:12 UTC
Arches, please test and mark stable:
=media-gfx/imagemagick-6.5.2.9
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2009-05-29 11:14:17 UTC
x86 stable
Comment 5 Ferris McCormick (RETIRED) gentoo-dev 2009-05-29 13:37:56 UTC
Sparc stable.
Comment 6 Brent Baude (RETIRED) gentoo-dev 2009-05-30 13:32:37 UTC
ppc64 done
Comment 7 Brent Baude (RETIRED) gentoo-dev 2009-05-30 13:32:43 UTC
ppc done
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-31 14:51:54 UTC
Readding x86:
  DEPEND.bad                    2
   media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/linux/x86) ['>=sys-devel/gcc-4.3.0[openmp]']
   media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/x86) ['>=sys-devel/gcc-4.3.0[openmp]']


Stable for HPPA.
Comment 9 Markus Meier gentoo-dev 2009-05-31 15:51:18 UTC
amd64 stable
Comment 10 Markus Meier gentoo-dev 2009-05-31 15:52:30 UTC
(In reply to comment #8)
> Readding x86:
>   DEPEND.bad                    2
>    media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/linux/x86)
> ['>=sys-devel/gcc-4.3.0[openmp]']
>    media-gfx/imagemagick/imagemagick-6.5.2.9.ebuild: x86(hardened/x86)
> ['>=sys-devel/gcc-4.3.0[openmp]']

fixed, thanks.
Comment 11 Tobias Klausmann (RETIRED) gentoo-dev 2009-06-02 18:16:53 UTC
Stable on alpha. 
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2009-06-03 18:15:20 UTC
All arches done, GLSA request filed.
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2009-06-04 17:33:06 UTC
arm/ia64/s390/sh stable
Comment 14 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-05 09:41:18 UTC
CVE-2009-1882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1882):
  Integer overflow in the XMakeImage function in magick/xwindow.c in
  ImageMagick 6.5.2-8 allows remote attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via a crafted
  TIFF file, which triggers a buffer overflow.  NOTE: some of these
  details are obtained from third party information.
Comment 15 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-06-01 15:44:56 UTC
GLSA 201006-03