Bug 623886 (CVE-2017-10799, CVE-2017-10800) - <media-gfx/graphicsmagick-1.3.26: Denial of Service (OOM)
Summary: <media-gfx/graphicsmagick-1.3.26: Denial of Service (OOM)
Status: RESOLVED FIXED
Alias: CVE-2017-10799, CVE-2017-10800
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://hg.code.sf.net/p/graphicsmagic...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
Reported: 2017-07-05 16:52 UTC by D'juan McDonald (domhnall)
Modified: 2017-10-23 00:13 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description D'juan McDonald (domhnall) 2017-07-05 16:52:54 UTC
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.

$URL https://nvd.nist.gov/vuln/detail/CVE-2017-10800#vulnDescriptionTitle
Comment 1 D'juan McDonald (domhnall) 2017-07-05 17:23:40 UTC
(In reply to Dajuan (sfc) Mcdonald from comment #0)

When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().

$URL https://nvd.nist.gov/vuln/detail/CVE-2017-10799
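
Both reports above describe a size or dimension field in the file header that is larger than the data actually present, leading to memory exhaustion. The following C sketch shows the kind of pre-allocation check that guards against this. It is an added example, not GraphicsMagick code and not the upstream patch; the helper names, the 256 MiB cap and the assumption of an uncompressed raster are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: accept a length field read from the file only if
   that many bytes can still follow the current read offset. */
static int declared_size_ok(uint64_t declared, uint64_t file_size, uint64_t offset)
{
    if (offset > file_size)
        return 0;
    return declared <= file_size - offset;
}

/* Hypothetical helper: compute columns * rows * bytes_per_pixel without
   wrapping; reject the header if the raster exceeds the cap or the bytes
   that remain (assumes uncompressed pixel data). */
static int raster_size_ok(uint32_t columns, uint32_t rows, uint32_t bytes_per_pixel,
                          uint64_t remaining, uint64_t cap, uint64_t *needed)
{
    uint64_t row_bytes, total;

    if (columns == 0 || rows == 0 || bytes_per_pixel == 0)
        return 0;
    row_bytes = (uint64_t)columns * bytes_per_pixel; /* 32 x 32 bits fits in 64 */
    if (row_bytes > UINT64_MAX / rows)
        return 0;                                    /* product would wrap */
    total = row_bytes * rows;
    if (total > cap || total > remaining)
        return 0;
    *needed = total;
    return 1;
}

int main(void)
{
    uint64_t needed = 0;
    const uint64_t cap = 256u * 1024u * 1024u;       /* constructed policy limit */

    /* Constructed inputs: a 4 KiB file whose object header claims ~4 GiB. */
    printf("object size accepted: %d\n", declared_size_ok(0xFFFFFFFFu, 4096, 128));
    /* Constructed inputs: an 8 KiB file whose header claims a huge width. */
    printf("raster accepted: %d\n",
           raster_size_ok(0xFFFFFFFFu, 1, 4, 8192 - 2048, cap, &needed));
    /* Constructed inputs: 640x480 RGB with enough data behind the header. */
    if (raster_size_ok(640, 480, 3, 1000000, cap, &needed))
        printf("allocate %llu bytes\n", (unsigned long long)needed);
    return 0;
}
```
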
Comment 2 D'juan McDonald (domhnall) 2017-08-04 00:47:52 UTC
(In reply to Dajuan Mcdonald (mbailey_j) from comment #0)

CVE-2017-10800 
Upstream Patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012
Comment 3 D'juan McDonald (domhnall) 2017-08-04 01:00:23 UTC
@maintainers, please Merge updates from head for 1.3.25 release.
Comment 4 D'juan McDonald (domhnall) 2017-08-22 13:40:15 UTC
Upstream Patch 1/2: Fix memory leak in ReadMATImage (CVE-2017-10800)

http://hg.code.sf.net/p/graphicsmagick/code/rev/91b707030bda

Upstream Patch 2/2: ??

See:
[1.3.25] http://hg.code.sf.net/p/graphicsmagick/code/rev/1c07f70e5dd9
(vs.)
[1.3.26] http://hg.code.sf.net/p/graphicsmagick/code/rev/db4eb7f97eeb

@maintainer(s), CVE-2017-10799 has no working fix. The CVE report(er) incorrectly states 1.3.25 as having 'coders/dpx.c', however it's only in 1.3.26.

Please test and proceed to stabilize, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Comment 5 D'juan McDonald (domhnall) 2017-09-03 06:17:50 UTC
Upstream Patch CVE-2017-10799: https://github.com/ImageMagick/ImageMagick/commit/961eb7c6fe2f1efc0be11d950c4500cd0cd17702
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-10-23 00:13:39 UTC
GLSA Vote: No

Cleanup tracked in bug #631562