Description
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
Source: MITRE
Last Modified: 09/01/2017

Description
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
Source: MITRE
Last Modified: 09/01/2017

Description
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Source: MITRE
Last Modified: 09/01/2017

Upstream Patch:
https://github.com/ImageMagick/ImageMagick/issues/653
https://github.com/ImageMagick/ImageMagick/issues/652
https://github.com/ImageMagick/ImageMagick/issues/656
ReadBMPImage Patch: (https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e)
ReadVIFFImage Patch: (https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15)
ReadOneLayer Patch: (https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519)
Fixed in Gentoo via https://github.com/gentoo/gentoo/commit/c1a4d3964144758b282be963b36aaddcef3a4db8#diff-c3da9b5318c1a67d6927fb8032d46fe5
Added to existing GLSA request.
Gentoo Security Padawan (jmbailey/mbailey_j)
This issue was resolved and addressed in GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07 by GLSA coordinator Aaron Bauman (b-man).