Bug 625404 (CVE-2017-11352) - <media-gfx/imagemagick-{,}: Improper EOF handling in coders/rle.c can trigger crash
Alias: CVE-2017-11352
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Blocks: CVE-2017-6497, CVE-2017-6498, CVE-2017-6499, CVE-2017-6500, CVE-2017-6501, CVE-2017-6502
Reported: 2017-07-17 13:13 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2017-09-17 20:53 UTC

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-17 13:13:45 UTC
From $URL:

In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a
crash because of incorrect EOF handling in coders/rle.c. This is
caused by an incomplete fix of CVE-2017-9144.

Upstream reference:

Upstream fix (ImageMagick-7):

Upstream fix (ImageMagick-6):

MITRE has assigned CVE-2017-11352 for this issue.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-21 11:27:02 UTC
@ Arches,

please test and mark stable: =media-gfx/imagemagick-
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2017-07-21 21:03:58 UTC
ia64 stable
Comment 3 Markus Meier gentoo-dev 2017-07-25 18:52:57 UTC
arm stable
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-31 11:37:36 UTC
Stable on amd64.
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 21:04:15 UTC
x86 stable
Comment 6 Matt Turner gentoo-dev 2017-08-31 15:21:56 UTC
alpha stable
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2017-09-05 05:37:15 UTC
PPC / PPC please complete stabilization on this security bug.
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-08 22:50:08 UTC
hppa/sparc stable (tested by Dakon)
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-09 17:17:13 UTC
stable for ppc/ppc64

Last arches are done.
Comment 10 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-09 17:28:37 UTC
Thank you.

@Maintainers please drop vulnerable versions.

@Security please vote.

Gentoo Security Padawan
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2017-09-17 20:53:02 UTC
GLSA Vote: No

Tree is clean.