Bug 629576 (CVE-2017-12691, CVE-2017-12692, CVE-2017-12693) - <media-gfx/imagemagick-{6.9.9.9,7.0.6.9}: Denial of Service via memory consumption (CVE-2017-{12691,12692,12693})
Summary: <media-gfx/imagemagick-{6.9.9.9,7.0.6.9}: Denial of Service via memory consum...
Status: RESOLVED FIXED
Alias: CVE-2017-12691, CVE-2017-12692, CVE-2017-12693
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-01 22:56 UTC by D'juan McDonald (domhnall)
Modified: 2017-11-11 14:17 UTC

See Also:
Package list:
Runtime testing required: ---


Description D'juan McDonald (domhnall) 2017-09-01 22:56:52 UTC
Description
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
Source:  MITRE      Last Modified:  09/01/2017


 
Description
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
Source:  MITRE      Last Modified:  09/01/2017

Description
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Source:  MITRE      Last Modified:  09/01/2017


Upstream Patch:

https://github.com/ImageMagick/ImageMagick/issues/653

https://github.com/ImageMagick/ImageMagick/issues/652

https://github.com/ImageMagick/ImageMagick/issues/656
Comment 3 D'juan McDonald (domhnall) 2017-11-05 19:04:40 UTC
Added to existing GLSA request.

Gentoo Security Padawan
(jmbailey/mbailey_j)
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-11-11 14:17:43 UTC
This issue was resolved and addressed in
 GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07
by GLSA coordinator Aaron Bauman (b-man).