Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 410867 (CVE-2012-0259) - <media-gfx/imagemagick-6.7.6.4 : multiple DoS (CVE-2012-{0259,0260,1610,1798})
Summary: <media-gfx/imagemagick-6.7.6.4 : multiple DoS (CVE-2012-{0259,0260,1610,1798})
Status: RESOLVED FIXED
Alias: CVE-2012-0259
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/48679/
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks: CVE-2012-1185
  Show dependency tree
 
Reported: 2012-04-05 12:10 UTC by Agostino Sarubbo
Modified: 2012-08-14 16:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-04-05 12:10:33 UTC
From secunia security advisory at $URL:

Description
Multiple vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with a components count of 0 can be exploited to access uninitialised or invalid memory via a specially crafted JPEG image.

The vulnerability is reported in version 6.7.6-2 and prior.

2) Insufficient validation in the "JPEGWarningHandler()" function (coders/jpeg.c) when handling JPEG restart markers may exhaust resources via a specially crafted JPEG image.

The vulnerability is reported in version 6.7.6-2 and prior.

3) An error in the "TIFFGetEXIFProperties()" function (coders/tiff.c) when parsing TIFF EXIF IFD may cause invalid memory to be read via a specially crafted TIFF image.

The vulnerability is reported in version 6.7.6-2 and prior.

4) An integer overflow error in the "GetEXIFProperty()" function (magick/property.c) when parsing JPEG EXIF tags with an overly large components count may result in invalid heap memory being read. A similar error exists in the "SyncImageProfiles()" function (magick/profile.c).

The vulnerability is reported in versions prior to 6.7.6-4.


Solution
Update to version 6.7.6-4 or apply patches.
Comment 1 Samuli Suominen gentoo-dev 2012-04-05 17:59:10 UTC
6.7.6.4 in Portage. See also bug 409431.
Comment 2 Agostino Sarubbo gentoo-dev 2012-04-05 18:20:52 UTC
Arches, please test and mark stable:
=media-gfx/imagemagick-6.7.6.4
Target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 3 Andreas Schürch gentoo-dev 2012-04-06 15:43:08 UTC
x86 stable.
Comment 4 Agostino Sarubbo gentoo-dev 2012-04-06 18:40:40 UTC
amd64 stable
Comment 5 Markus Meier gentoo-dev 2012-04-07 15:04:02 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2012-04-07 15:31:53 UTC
Jer, good catch on src_test, but test issue, does not block security bugs :)
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-07 15:47:49 UTC
(In reply to comment #6)
> Jer, good catch on src_test, but test issue, does not block security bugs :)

Then how am I supposed to run the test suite so I can consider marking this stable? Also, my name isn't Jer.
Comment 8 Agostino Sarubbo gentoo-dev 2012-04-07 18:50:26 UTC
(In reply to comment #7)
> Then how am I supposed to run the test suite so I can consider marking this
> stable? Also, my name isn't Jer.

if the test is broken, do not care of it. So, FEATURES="-test" emerge wireshark
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2012-04-08 14:41:58 UTC
alpha/ia64/s390/sh/sparc stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-08 16:59:06 UTC
Stable for HPPA.
Comment 11 Brent Baude (RETIRED) gentoo-dev 2012-04-16 17:12:02 UTC
ppc done
Comment 12 Mark Loeser (RETIRED) gentoo-dev 2012-05-06 19:23:57 UTC
ppc64 done
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2012-05-07 02:53:15 UTC
Thanks, folks. GLSA Vote: no.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 18:34:30 UTC
CVE-2012-1798 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1798):
  The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before
  6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds
  read and crash) via a crafted EXIF IFD in a TIFF image.

CVE-2012-1610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1610):
  Integer overflow in the GetEXIFProperty function in magick/property.c in
  ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of
  service (out-of-bounds read) via a large component count for certain EXIF
  tags in a JPEG image.  NOTE: this vulnerability exists because of an
  incomplete fix for CVE-2012-0259.

CVE-2012-0260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0260):
  The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before
  6.7.6-3 allows remote attackers to cause a denial of service (memory
  consumption) via a JPEG image with a crafted sequence of restart markers.

CVE-2012-0259 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0259):
  The GetEXIFProperty function in magick/property.c in ImageMagick before
  6.7.6-3 allows remote attackers to cause a denial of service (crash) via a
  zero value in the component count of an EXIF XResolution tag in a JPEG file,
  which triggers an out-of-bounds read.
Comment 15 Tobias Heinlein (RETIRED) gentoo-dev 2012-08-14 16:11:50 UTC
NO too, closing.