Bug 593528 (CVE-2016-5841) - <media-gfx/imagemagick- Integer overflow in MagickCore/profile.c
Alias: CVE-2016-5841
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Reported: 2016-09-12 03:26 UTC by Ian Zimmerman
Modified: 2016-12-05 01:44 UTC
Runtime testing required: ---


Description Ian Zimmerman 2016-09-12 03:26:42 UTC
According to the RedHat summary [1]:

An integer overflow vulnerability was found in MagickCore/property.c that can potentially lead to code execution.

Upstream fix is at [2].  Please note that the patch must be adjusted by approximately 's/MagickCore/magick/g' to apply to the 6.9.x series.



Reproducible: Always
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-11 11:41:57 UTC
I am not seeing any code base similar to this in  The same functions and values are integers in the vulnerable code vice shorts as seen in

@zx2c4, could you take a look please?
Comment 2 Jason A. Donenfeld archtester Gentoo Infrastructure gentoo-dev Security 2016-10-18 12:13:21 UTC
If it doesn't apply cleanly, just backport the code blocks that have the comment "Corrupt EXIF". I saw 4 places. I'm not sure if the integer casting reworking of the earlier part actually fixes a vulnerability, but if it does, it means the problem is much deeper, since miscomputing read values of an input file shouldn't wind up in a vulnerability no matter what.

Alternatively, wait for ImageMagick to provide the backport or new release.
Comment 3 Thomas Deutschmann gentoo-dev Security 2016-12-05 01:39:43 UTC
When this bug was filed this was already backported, see

$ git tag --contains 070d7f8a59b1516b166826cb25ac5556968dec84 | sort

First version which landed in Gentoo repository containing the fix was v

First stable version is =media-gfx/imagemagick- No vulnerable version left in repository.

@ Security: Please vote!
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-12-05 01:44:35 UTC
GLSA Vote: No