Bug 629932 (CVE-2017-14137, CVE-2017-14138, CVE-2017-14139) - <media-gfx/imagemagick-{6.9.9.5,7.0.6.5}: Multiple Vulnerabilities (memory leak/exhaustion)
Status: RESOLVED FIXED
Alias: CVE-2017-14137, CVE-2017-14138, CVE-2017-14139
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/ImageMagick/ImageM...
Whiteboard: B3 [glsa cve]
Reported: 2017-09-05 03:47 UTC by D'juan McDonald (domhnall)
Modified: 2017-11-11 14:17 UTC

Description D'juan McDonald (domhnall) 2017-09-05 03:47:44 UTC
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.

CVE Details:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14137)
Upstream Source:(https://github.com/ImageMagick/ImageMagick/issues/641)
- We can reproduce it and will have a patch to fix it in GIT master branch
 
Patch 2/2 for #641:
commit cb63560ba25e4a6c51ab282538c24877fff7d471
commit cfc2bd4c87481d4cf60308cc6ffd3c61288ff004

Remarks for #641: "The fix breaks reading all WebP images. See lines 266 - 269"

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

CVE Details:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14138)
Upstream Source:(https://github.com/ImageMagick/ImageMagick/issues/639)
- We can reproduce it and will have a patch to fix it in GIT master branch
 
Patch 4/4 for #639:
commit 13f4cbc6ed5e01a78d179f5be0032ed560adfb1a
commit 5ea1396db9b6a85a11a65daa99d267517f3cbdcd   Cristy committed Aug 1, 2017
commit def00c720dffb57a821bd8acd77eac7b10a0568b
commit 06ccb0ccdcca8219862a05c5589329903473235f

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.

CVE Details:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14139)
Upstream Source:(https://github.com/ImageMagick/ImageMagick/issues/578)
- We can reproduce it and will have a patch to fix it in GIT master branch

Patch 2/2 for #578:
commit 0dfce0579c881245e495aa2d8d114e63b96a860e
commit d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6

@maintainer(s), Patches available...

Daj Uan (jmbailey/mbailey_j)
Gentoo Security Padawan
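
The bug class behind CVE-2017-14137 (an allocation sized only by a header length field), shown as an added example that is not part of this bug report and is not ImageMagick's code: the length declared in the 12-byte RIFF/WEBP header is checked against the bytes actually available before anything is allocated. The helper name, status codes, 64 MiB cap and sample headers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WEBP_HEADER_LEN 12u          /* "RIFF" + 32-bit LE size + "WEBP" */
#define WEBP_MAX_BYTES  (64u << 20)  /* assumed policy cap (64 MiB), not from the page */

typedef enum { WEBP_OK, WEBP_TRUNCATED, WEBP_BAD_MAGIC,
               WEBP_LENGTH_MISMATCH, WEBP_TOO_LARGE } webp_status;

/* Read an unsigned 32-bit little-endian value. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: returns WEBP_OK and the safe allocation size in
 * *out_len only when the declared length fits inside the `avail` bytes
 * that are really present (for example, the file size). */
webp_status webp_checked_length(const unsigned char *buf, size_t avail,
                                size_t *out_len)
{
    uint64_t declared;

    *out_len = 0;
    if (avail < WEBP_HEADER_LEN)
        return WEBP_TRUNCATED;
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WEBP", 4) != 0)
        return WEBP_BAD_MAGIC;
    declared = (uint64_t)le32(buf + 4) + 8;   /* 64-bit sum cannot wrap */
    if (declared < WEBP_HEADER_LEN || declared > avail)
        return WEBP_LENGTH_MISMATCH;          /* header disagrees with the data */
    if (declared > WEBP_MAX_BYTES)
        return WEBP_TOO_LARGE;
    *out_len = (size_t)declared;
    return WEBP_OK;
}

/* Constructed sample headers (not taken from any real file). */
static const unsigned char honest_hdr[12] =
    { 'R','I','F','F', 0x04,0x00,0x00,0x00, 'W','E','B','P' };
static const unsigned char lying_hdr[12] =
    { 'R','I','F','F', 0xF8,0xFF,0xFF,0xFF, 'W','E','B','P' };

int main(void)
{
    size_t n;
    printf("honest: status=%d\n", webp_checked_length(honest_hdr, sizeof honest_hdr, &n));
    printf("lying:  status=%d\n", webp_checked_length(lying_hdr, sizeof lying_hdr, &n));
    return 0;
}
```

The second sample declares roughly 4 GiB in a 12-byte input and is rejected before any buffer is sized from it.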
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 17:08:39 UTC
CVE-2017-14139 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14139):
  ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in
  coders/msl.c.

CVE-2017-14138 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14138):
  ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in
  coders/webp.c because memory is not freed in certain error cases, as
  demonstrated by VP8 errors.

CVE-2017-14137 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14137):
  ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where
  memory allocation is excessive because it depends only on a length field in
  a header.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-11-11 14:17:50 UTC
This issue was resolved and addressed in
 GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07
by GLSA coordinator Aaron Bauman (b-man).