Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626660 (CVE-2017-11750) - <media-gfx/imagemagick-{6.9.9-4,7.0.6-4}: DoS (NULL pointer deference) via crafted file (CVE-2017-11750)
Summary: <media-gfx/imagemagick-{6.9.9-4,7.0.6-4}: DoS (NULL pointer deference) via cr...
Status: RESOLVED FIXED
Alias: CVE-2017-11750
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://github.com/ImageMagick/ImageM...
Whiteboard: ~3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-30 20:11 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2017-09-17 21:00 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-30 20:11:55 UTC
From URL:

Description: The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-22 20:27:55 UTC
@Security

From the new URL:

A CVE will have to say bug was introduced in 6.9.9.4 and 7.0.6-4, fixed in 6.9.9-5 and 7.0.6-5.

those versions were never stable but even in the case they were, they are already fixed.

Could you please confirm the new whiteboard and proceed to add the CVE with CVETool to be able to close the report?

Thanks,

Gentoo Security Padawan
ChrisADR