Bug 623886 (CVE-2017-10799, CVE-2017-10800) - <media-gfx/graphicsmagick-1.3.26: Denial of Service (OOM)
Summary: <media-gfx/graphicsmagick-1.3.26: Denial of Service (OOM)
Alias: CVE-2017-10799, CVE-2017-10800
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Reported: 2017-07-05 16:52 UTC by D'juan McDonald (domhnall)
Modified: 2017-10-23 00:13 UTC

Description D'juan McDonald (domhnall) 2017-07-05 16:52:54 UTC
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.

Comment 1 D'juan McDonald (domhnall) 2017-07-05 17:23:40 UTC
(In reply to Dajuan (sfc) Mcdonald from comment #0)

When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().

Comment 2 D'juan McDonald (domhnall) 2017-08-04 00:47:52 UTC
(In reply to Dajuan Mcdonald (mbailey_j) from comment #0)

Upstream Patch:
Comment 3 D'juan McDonald (domhnall) 2017-08-04 01:00:23 UTC
@maintainers, please Merge updates from head for 1.3.25 release.
Comment 4 D'juan McDonald (domhnall) 2017-08-22 13:40:15 UTC
Upstream Patch 1/2: Fix memory Leak in ReadMATImage (CVE-2017-10800)

Upstream Patch 2/2: ??


@maintainer(s), CVE-2017-10799 has no working fix. The CVE report(er) incorrectly states 1.3.25 as having 'coders/dpx.c'; however, it's only in 1.3.26.

Please test and proceed to stabilize, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Comment 5 D'juan McDonald (domhnall) 2017-09-03 06:17:50 UTC
Upstream Patch CVE-2017-10799:(
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2017-10-23 00:13:39 UTC
GLSA Vote: No

Cleanup tracked in bug #631562
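
The Description and Comment 1 both report a size or width taken from the file header that exceeds the data actually present; the usual defence is to compare the declared size with the remaining input before allocating. The following is an added example, not GraphicsMagick code and not the upstream patch: the `Stream` type, the two-field header layout and all function names are hypothetical, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed in-memory input, standing in for a file or blob. */
typedef struct { const unsigned char *data; size_t len, pos; } Stream;
static uint32_t read_u32le(Stream *s, int *ok) {
    if (s->len - s->pos < 4) { *ok = 0; return 0; }
    const unsigned char *p = s->data + s->pos;
    s->pos += 4;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical toy layout, NOT real MAT or DPX: u32le width, u32le height,
 * then width*height one-byte samples. Returns NULL when the header claims
 * more data than the stream holds; the check runs before any allocation. */
static unsigned char *read_pixels(Stream *s) {
    int ok = 1;
    uint64_t width = read_u32le(s, &ok), height = read_u32le(s, &ok);
    if (!ok || width == 0 || height == 0) return NULL;
    uint64_t need = width * height;          /* two 32-bit factors fit in 64 bits */
    if (need > s->len - s->pos) return NULL; /* declared size exceeds actual data */
    unsigned char *buf = malloc((size_t)need);
    if (buf != NULL) memcpy(buf, s->data + s->pos, (size_t)need);
    return buf;
}

/* Build a constructed header plus `payload` zero bytes; 1 = accepted, 0 = rejected. */
static int accepts(uint32_t width, uint32_t height, size_t payload) {
    unsigned char file[8 + 64] = {0};
    uint32_t dims[2] = { width, height };
    if (payload > 64) return -1;             /* sample buffer holds at most 64 bytes */
    for (int i = 0; i < 2; i++)
        for (int b = 0; b < 4; b++)
            file[4 * i + b] = (unsigned char)(dims[i] >> (8 * b));
    Stream s = { file, 8 + payload, 0 };
    unsigned char *px = read_pixels(&s);
    int ok = (px != NULL);
    free(px);
    return ok;
}

int main(void) {
    printf("4x4, 16 bytes present: %d\n", accepts(4, 4, 16));
    printf("width 0xFFFFFFFF, 16 bytes present: %d\n", accepts(0xFFFFFFFFu, 1, 16));
    return 0;
}
```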