626174 – (CVE-2016-7539) <media-gfx/imagemagick-6.9.4.1: memory leak in AcquireVirtualMemory

Bug 626174 (CVE-2016-7539) - <media-gfx/imagemagick-6.9.4.1: memory leak in AcquireVirtualMemory

Summary: <media-gfx/imagemagick-6.9.4.1: memory leak in AcquireVirtualMemory

Status:	RESOLVED OBSOLETE

Alias:	CVE-2016-7539

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:	B3 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2017-07-25 21:37 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2017-07-25 22:34 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-25 21:37:59 UTC

From URL:

Description
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

References:

http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&amp;t=28946
http://www.openwall.com/lists/oss-security/2016/09/22/2	
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833101
https://bugzilla.redhat.com/show_bug.cgi?id=1378776
https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-07-25 22:34:51 UTC

Fixed by upstream since 6.9.4.0. Landed in Gentoo via bf1360d003a494888c306a9b8ae00452861d13f9 in 6.9.4.1. Current stable version in Gentoo repository is 6.9.7.4. All done.