626658 – (CVE-2017-11751) <media-gfx/imagemagick-7.0.6-4: DoS via crafted file (CVE-2017-11751)

Bug 626658 (CVE-2017-11751) - <media-gfx/imagemagick-7.0.6-4: DoS via crafted file (CVE-2017-11751)

Summary: <media-gfx/imagemagick-7.0.6-4: DoS via crafted file (CVE-2017-11751)

Status:	RESOLVED FIXED

Alias:	CVE-2017-11751

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://github.com/ImageMagick/ImageM...
Whiteboard:	~3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-07-30 20:08 UTC by Christopher Díaz Riveros (RETIRED)
Modified:	2017-09-17 20:59 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-30 20:08:36 UTC

From URL:

Description: The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-08-22 20:46:11 UTC

@Security

The bug was already fixed by upstream and tree is clean. The only affected version was non-stable so dropped to ~3, we only need to add CVE.

Thanks

Gentoo Security Padawan
ChrisADR