Bug 630256 (CVE-2017-14172, CVE-2017-14173, CVE-2017-14174, CVE-2017-14175) - <media-gfx/imagemagick-{6.9.9.18,7.0.7.6}: Multiple Vulnerabilities (CVE-2017-{14172,14173,14174,14175})
Summary: <media-gfx/imagemagick-{6.9.9.18,7.0.7.6}: Multiple Vulnerabilities (CVE-2017...
Status: RESOLVED FIXED
Alias: CVE-2017-14172, CVE-2017-14173, CVE-2017-14174, CVE-2017-14175
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/ImageMagick/ImageM...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-07 15:34 UTC by D'juan McDonald (domhnall)
Modified: 2017-11-11 14:17 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description D'juan McDonald (domhnall) 2017-09-07 15:34:38 UTC
From ${URL}:

In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.

Upstream:(https://github.com/ImageMagick/ImageMagick/issues/715)

Patch:https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14172

 
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.

Patch:https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d

Upstream:(https://github.com/ImageMagick/ImageMagick/issues/713)

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14173

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.

Patch: 2/2
https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64

Upstream:(https://github.com/ImageMagick/ImageMagick/issues/714)

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14174

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.

Upstream:(https://github.com/ImageMagick/ImageMagick/issues/712)

Patch:https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14175


@maintainer(s), after bump, please call for stabilization if needed, thank you.

Daj Uan (jmbailey/mbailey_j)
Gentoo Security Padawan
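
The missing-EOF pattern shared by the ps.c, psd.c and xbm.c reports above, reduced to a small C model (an added example, not ImageMagick code and not part of the original report). The `Blob` reader, the 4-byte length header and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed in-memory stream standing in for an image blob. */
typedef struct { const unsigned char *data; size_t size, pos; } Blob;
/* Next byte, or EOF once the backing data is exhausted. */
static int blob_getc(Blob *b) {
    return b->pos < b->size ? b->data[b->pos++] : EOF;
}

/* 4-byte big-endian length field of a hypothetical header. */
static uint32_t claimed_length(Blob *b) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        int c = blob_getc(b);
        v = (v << 8) | (uint32_t)(c == EOF ? 0 : c);
    }
    return v;
}

/* Reported pattern: the loop trusts the claimed length and discards EOF,
   so the work scales with the header value, not with the file size. */
uint64_t iterations_unchecked(const unsigned char *buf, size_t n) {
    Blob b = { buf, n, 0 };
    uint64_t iters = 0;
    for (uint32_t len = claimed_length(&b); iters < len; iters++)
        (void)blob_getc(&b);
    return iters;
}

/* Hardened: stop at EOF. Returns 0, or -1 for truncated input. */
int read_checked(const unsigned char *buf, size_t n, uint64_t *iters) {
    Blob b = { buf, n, 0 };
    uint32_t len = claimed_length(&b);
    for (*iters = 0; *iters < len; ) {
        (*iters)++;
        if (blob_getc(&b) == EOF) return -1;
    }
    return 0;
}

/* Constructed sample: header claims 0x00100000 bytes, only 3 follow. */
static const unsigned char SAMPLE[] = { 0x00, 0x10, 0x00, 0x00, 'a', 'b', 'c' };
int main(void) {
    uint64_t it;
    int rc = read_checked(SAMPLE, sizeof SAMPLE, &it);
    printf("unchecked passes: %llu\n", (unsigned long long)iterations_unchecked(SAMPLE, sizeof SAMPLE));
    printf("checked passes: %llu, rc=%d\n", (unsigned long long)it, rc);
    return 0;
}
```

With the check in place the number of passes is bounded by the bytes actually present, so a 7-byte input can no longer buy a million iterations.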
Comment 1 D'juan McDonald (domhnall) 2017-09-07 15:48:51 UTC
@maintainer(s), further research points to multiple patches for each CVE, located at upstream /issues/#.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 17:10:02 UTC
CVE-2017-14175 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14175):
  In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to
  lack of an EOF (End of File) check might cause huge CPU consumption. When a
  crafted XBM file, which claims large rows and columns fields in the header
  but does not contain sufficient backing data, is provided, the loop over the
  rows would consume huge CPU resources, since there is no EOF check inside
  the loop.

CVE-2017-14174 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14174):
  In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal()
  due to lack of an EOF (End of File) check might cause huge CPU consumption.
  When a crafted PSD file, which claims a large "length" field in the header
  but does not contain sufficient backing data, is provided, the loop over
  "length" would consume huge CPU resources, since there is no EOF check
  inside the loop.

CVE-2017-14173 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14173):
  In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an
  integer overflow might occur for the addition operation
  "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value
  than expected. As a result, an infinite loop would occur for a crafted TXT
  file that claims a very large "max_value" value.

CVE-2017-14172 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14172):
  In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to
  lack of an EOF (End of File) check might cause huge CPU consumption. When a
  crafted PSD file, which claims a large "extent" field in the header but does
  not contain sufficient backing data, is provided, the loop over "length"
  would consume huge CPU resources, since there is no EOF check inside the
  loop.
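
The wraparound described for CVE-2017-14173, as a small C model (an added example, not ImageMagick's code). `quantum_range`, the 64-bit unsigned type, the shape of the depth search and the `budget` cap are assumptions made so the behaviour can be observed without hanging.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a quantum range: largest value representable in `depth` bits,
   held in an unsigned 64-bit type (an assumption of this sketch). */
static uint64_t quantum_range(unsigned depth) {
    return depth >= 64 ? UINT64_MAX : (((uint64_t)1 << depth) - 1);
}

/* Depth search with the wrapping addition: at depth 64, range + 1 wraps
   to 0, so for max_value > 2^63 the condition never becomes false.
   `budget` caps the passes so the demo ends; returns 0 when it runs out. */
unsigned depth_search_wrapping(uint64_t max_value, unsigned budget) {
    unsigned depth = 1;
    while (quantum_range(depth) + 1 < max_value) {
        if (--budget == 0) return 0;
        depth++;
    }
    return depth;
}

/* Hardened: move the +1 to the other side of the comparison so nothing
   wraps, and bound depth by the type width. Returns 0 for max_value 0. */
unsigned depth_search_bounded(uint64_t max_value) {
    if (max_value == 0) return 0;
    for (unsigned depth = 1; depth < 64; depth++)
        if (quantum_range(depth) >= max_value - 1) return depth;
    return 64;
}

int main(void) {
    uint64_t big = ((uint64_t)1 << 63) + 1;   /* constructed max_value */
    printf("wrapping(256)=%u bounded(256)=%u\n",
           depth_search_wrapping(256, 1000), depth_search_bounded(256));
    printf("wrapping(2^63+1)=%u bounded(2^63+1)=%u\n",
           depth_search_wrapping(big, 1000), depth_search_bounded(big));
    return 0;
}
```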
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-11-11 14:17:58 UTC
This issue was resolved and addressed in
 GLSA 201711-07 at https://security.gentoo.org/glsa/201711-07
by GLSA coordinator Aaron Bauman (b-man).