According to the RedHat summary [1]: An integer overflow vulnerability was found in MagickCore/property.c that can potentially lead to code execution. Upstream fix is at [2]. Please note that the patch must be adjusted by approximately 's/MagickCore/magick/g' to apply to the 6.9.x series.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5841
[2] https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b

Reproducible: Always
I am not seeing any code base similar to this in 6.9.6.2. The same functions and values are integers in the vulnerable code vice shorts as seen in 6.9.6.2. @zx2c4, could you take a look please?
If it doesn't apply cleanly, just backport the code blocks that have the comment "Corrupt EXIF". I saw 4 places. I'm not sure if the integer casting reworking of the earlier part actually fixes a vulnerability, but if it does, it means the problem is much deeper, since miscomputing read values of an input file shouldn't wind up in a vulnerability no matter what. Alternatively, wait for ImageMagick to provide the backport or new release.
When this bug was filed this was already backported, see https://github.com/ImageMagick/ImageMagick/commit/070d7f8a59b1516b166826cb25ac5556968dec84

$ git tag --contains 070d7f8a59b1516b166826cb25ac5556968dec84 | sort
6.9.4-10
6.9.5-0
6.9.5-1
[...]

First version which landed in Gentoo repository containing the fix was v6.9.5.5. First stable version is =media-gfx/imagemagick-6.9.5.10. No vulnerable version left in repository.

@ Security: Please vote!
GLSA Vote: No