Bug 626440 (CVE-2017-11722) - <media-gfx/graphicsmagick-1.3.27: The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (CVE-2017-11722)
Status: RESOLVED FIXED
Alias: CVE-2017-11722
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://hg.code.sf.net/p/graphicsmagic...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-28 14:25 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2018-03-26 01:37 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
CVE-2017-11722.patch (CVE-2017-11722.patch,1.41 KB, patch)
2017-08-25 23:24 UTC, Andrey Ovcharov
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-28 14:25:15 UTC
From URL:

Description
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.

References:

http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
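
The control-flow pattern named in the CVE description, as an added illustration that is not GraphicsMagick's code and not part of the original report: a brace-less loop whose logging call is indented like the loop body, next to the braced form. All names (`keys`, `log_entry`, `write_entries_before`, `write_entries_after`) and the sample data are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#define NUM_ENTRIES 4
/* Constructed sample data; hypothetical names, not GraphicsMagick's. */
static const char *const keys[NUM_ENTRIES] = {"Title", "Author", "Comment", "Software"};
static size_t bad_index_logs; /* log calls handed an index past the array */

/* Stand-in logger: it checks the index, so the demo counts the invalid
 * access instead of performing the out-of-bounds read. */
static void log_entry(size_t i)
{
    if (i < NUM_ENTRIES)
        printf("log: writing entry %zu (%s)\n", i, keys[i]);
    else
        bad_index_logs++;
}

/* GCC reports the "before" loop via -Wmisleading-indentation (enabled by
 * -Wall); the warning is silenced here so this demo builds quietly. */
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
/* Before: without braces only the counter update is the loop body. The log
 * call runs once, after the loop, with i at the exit value NUM_ENTRIES. */
static size_t write_entries_before(size_t *written)
{
    size_t i;
    bad_index_logs = 0;
    for (i = 0, *written = 0; i < NUM_ENTRIES; i++)
        (*written)++;
        log_entry(i);
    return bad_index_logs;
}

/* After: braces make the control flow match the indentation. */
static size_t write_entries_after(size_t *written)
{
    size_t i;
    bad_index_logs = 0;
    for (i = 0, *written = 0; i < NUM_ENTRIES; i++) {
        log_entry(i);
        (*written)++;
    }
    return bad_index_logs;
}

int main(void)
{
    size_t n, before = write_entries_before(&n), after = write_entries_after(&n);
    printf("bad log calls: before=%zu after=%zu\n", before, after);
    return 0;
}
```

Building the "before" function with `-Wall -Werror` and without the pragma turns this class of mistake into a compile failure.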
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-22 20:57:43 UTC
@Security

The bug was already fixed by upstream. The only affected version was non-stable, so dropped to ~3; we only need to add CVE.

Thanks

Gentoo Security Padawan
ChrisADR
Comment 2 Andrey Ovcharov 2017-08-25 23:24:16 UTC
Created attachment 490598
CVE-2017-11722.patch
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-20 17:32:44 UTC
@Security please add CVE before closing the report.

Gentoo Security Padawan
ChrisADR
Comment 4 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-24 18:40:00 UTC
Re-opening:

WriteOnePNGImage is also affected in GraphicsMagick 1.3.25 which is stable. Reassigning B3 to Whiteboard and PR with the patch and the new revision added to the tree.

@Maintainers please excuse the confusion and the possible problems originated by my mistake with this report. In the case you accept the proposed PR, please call for stabilization when ready or let us know.

PS: The same patch could apply to 1.3.26 while waiting for the next official release. 


PR:
https://github.com/gentoo/gentoo/pull/5786

Gentoo Security Padawan
ChrisADR
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-26 00:24:16 UTC
@maintainer(s), please clean the vulnerable version from the tree.
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-26 01:37:07 UTC
Cleanup will be tracked in bug #640690.

GLSA Vote: No