Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 645366 (CVE-2017-18027, CVE-2017-18028, CVE-2017-18029, CVE-2018-5357, CVE-2018-5358) - <media-gfx/imagemagick-{6.9.9.40,7.0.7.28}: Multiple memory leaks
Summary: <media-gfx/imagemagick-{6.9.9.40,7.0.7.28}: Multiple memory leaks
Status: RESOLVED FIXED
Alias: CVE-2017-18027, CVE-2017-18028, CVE-2017-18029, CVE-2018-5357, CVE-2018-5358
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on: CVE-2018-10177, CVE-2018-6405, CVE-2018-6876, CVE-2018-6930, CVE-2018-7443, CVE-2018-7470, CVE-2018-8804, CVE-2018-8960, CVE-2018-9133, CVE-2018-9135
Blocks:
  Show dependency tree
 
Reported: 2018-01-22 14:47 UTC by GLSAMaker/CVETool Bot
Modified: 2018-08-04 23:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-22 14:47:47 UTC 
CVE-2018-5358 (https://nvd.nist.gov/vuln/detail/CVE-2018-5358):
  ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes
  function in coders/json.c, as demonstrated by the ReadPSDLayersInternal
  function in coders/psd.c.

CVE-2018-5357 (https://nvd.nist.gov/vuln/detail/CVE-2018-5357):
  ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in
  coders/dcm.c.

CVE-2017-18029 (https://nvd.nist.gov/vuln/detail/CVE-2017-18029):
  In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the
  function ReadMATImage in coders/mat.c, which allow remote attackers to cause
  a denial of service via a crafted file.

CVE-2017-18028 (https://nvd.nist.gov/vuln/detail/CVE-2017-18028):
  In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in
  the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to
  cause a denial of service via a crafted file.

CVE-2017-18027 (https://nvd.nist.gov/vuln/detail/CVE-2017-18027):
  In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the
  function ReadMATImage in coders/mat.c, which allow remote attackers to cause
  a denial of service via a crafted file.