Bug 638110 (CVE-2017-16546) - <media-gfx/imagemagick-{6.9.9.23,7.0.7.11}: heap allocation errors, use of uninitialized values in wpg.c
Status: RESOLVED FIXED
Alias: CVE-2017-16546
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: imagemagick-7 639992 640668 641172 641190 641192 641194 641196 641198
Blocks: CVE-2017-15281
Reported: 2017-11-19 10:04 UTC by Attila Tóth
Modified: 2018-07-28 18:22 UTC (History)
Package list:
media-gfx/imagemagick-6.9.9.23 media-gfx/imagemagick-7.0.7.11
Runtime testing required: ---
stable-bot: sanity-check+


Description Attila Tóth 2017-11-19 10:04:44 UTC
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.

Reproducible: Always




ImageMagick issue:
https://github.com/ImageMagick/ImageMagick/issues/851
Patch referenced in CVE works:
https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
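The kind of validation the description says was missing, as an added example (not ImageMagick's code and not the upstream patch): a palette record parser that bounds-checks the index range and never leaves colormap entries uninitialized. The record layout (16-bit little-endian start index and entry count, then RGB triplets), the 256-entry colormap, and all names and sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COLORS 256u                 /* assumed colormap capacity */
typedef struct { uint8_t r, g, b; } rgb_t;

/* Constructed sample records (not taken from any real file). */
static const uint8_t ok_rec[]    = {2,0, 2,0, 10,20,30, 40,50,60}; /* start=2, count=2 */
static const uint8_t bad_idx[]   = {0xFF,0, 2,0, 1,2,3, 4,5,6};    /* start=255, count=2 */
static const uint8_t short_rec[] = {0,0, 3,0, 1,2,3};              /* claims 3, carries 1 */

/* Read a 16-bit little-endian value. */
static unsigned rd16(const uint8_t *p)
{
    return (unsigned)p[0] | ((unsigned)p[1] << 8);
}

/* Parse one palette record body into cmap.
 * Returns 0 on success, -1 if the record is malformed. */
int parse_palette(const uint8_t *rec, size_t len, rgb_t cmap[MAX_COLORS])
{
    unsigned start, count, i;

    /* Zero every entry first so slots the file never sets are defined. */
    memset(cmap, 0, MAX_COLORS * sizeof *cmap);
    if (len < 4)
        return -1;
    start = rd16(rec);
    count = rd16(rec + 2);
    /* The index range must fit the colormap (written to avoid wraparound). */
    if (start >= MAX_COLORS || count > MAX_COLORS - start)
        return -1;
    /* The record must actually carry the triplets its header claims. */
    if ((len - 4) / 3 < count)
        return -1;
    for (i = 0; i < count; i++) {
        const uint8_t *e = rec + 4 + 3 * (size_t)i;
        cmap[start + i] = (rgb_t){ e[0], e[1], e[2] };
    }
    return 0;
}

int main(void)
{
    rgb_t m[MAX_COLORS];
    printf("ok_rec:    %d\n", parse_palette(ok_rec, sizeof ok_rec, m));
    printf("bad_idx:   %d\n", parse_palette(bad_idx, sizeof bad_idx, m));
    printf("short_rec: %d\n", parse_palette(short_rec, sizeof short_rec, m));
    return 0;
}
```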
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-19 18:01:10 UTC
@Maintainers could you confirm if SLOT 6.x.x is affected?

Thank you
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-28 23:35:16 UTC
6.x is affected, https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
Comment 3 Larry the Git Cow gentoo-dev 2017-11-28 23:38:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34286ccffab7bd989b57e3876707d630b339e9fb

commit 34286ccffab7bd989b57e3876707d630b339e9fb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-11-28 23:38:01 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-11-28 23:38:19 +0000

    media-gfx/imagemagick: Bump to v6.9.9.23 / 7.0.7.11
    
    Bug: https://bugs.gentoo.org/638110
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 media-gfx/imagemagick/Manifest                    |   2 +
 media-gfx/imagemagick/imagemagick-6.9.9.23.ebuild | 185 ++++++++++++++++++++++
 media-gfx/imagemagick/imagemagick-7.0.7.11.ebuild | 185 ++++++++++++++++++++++
 3 files changed, 372 insertions(+)
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-29 16:06:01 UTC
@ Arches,

please test and mark stable:

  =media-gfx/imagemagick-6.9.9.23: alpha amd64 arm hppa ia64 ppc ppc64 x86 sparc


  =media-gfx/imagemagick-7.0.7.11: alpha amd64 arm hppa ia64 ppc ppc64 x86 sparc
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-29 18:53:48 UTC
x86 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2017-11-30 20:21:32 UTC
Stable on alpha.
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2017-12-03 11:19:15 UTC
ia64/ppc/ppc64 stable
Comment 8 Markus Meier gentoo-dev 2017-12-12 18:40:12 UTC
arm stable
Comment 9 Rolf Eike Beer archtester 2017-12-13 21:02:50 UTC
obsoleted by 640692
Comment 11 Pacho Ramos gentoo-dev 2017-12-15 21:16:30 UTC
I think I have covered all reverse deps stable bugs now... but, please, next time remember to check for reverse deps (especially in this case that a tracker bug existed) before CCing arches to stab

Thanks
Comment 12 Rolf Eike Beer archtester 2017-12-24 16:03:24 UTC
Obsoleted by bug 640692, sparc was already handled there.
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2017-12-28 11:00:44 UTC
sparc stabled 7.0.7.14
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2018-01-20 19:34:55 UTC
Newer versions already stabilized and tree is clean of vulnerable versions WRT this bug.

The stable request bugs should not be blocking this.  7.x is also stable on all stable arches.

GLSA Vote: No