Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 628808 (CVE-2017-13658) - <media-gfx/imagemagick-{,}: Denial of Service Vulnerabilities.
Summary: <media-gfx/imagemagick-{,}: Denial of Service Vulnerabilities.
Alias: CVE-2017-13658
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa cve]
Depends on:
Reported: 2017-08-24 12:44 UTC by D'juan McDonald (domhnall)
Modified: 2017-09-17 21:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2017-08-24 12:44:49 UTC
From ${URL}:

In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.

CVE Details:

Upstream Bug:

Upstream Patch:
Comment 1 D'juan McDonald (domhnall) 2017-08-24 12:56:18 UTC
@maintainer(s), after bump, please follow procedure to stabilize if needed and close on report, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Comment 2 D'juan McDonald (domhnall) 2017-09-05 04:46:31 UTC
Upstream Bug:
Upstream Bug:
commit e5c063a1007506ba69e97a35effcdef944421c89

commit 82b53bd74df1489332e4043035a51b43f54d43f1

commit 7d3af83d8b946f952bfd028451e6dfb1f7ace07a

@maintainer(s), above patches were pushed under incorrect ticket upstream. All patches in OUR ticket here apply to same CVE.

Daj Uan (jmbailey/mbailey_j)
Gentoo Security Padawan