Bug 620920 (CVE-2017-9141, CVE-2017-9142) - <media-gfx/imagemagick-7.0.5-7: Multiple Vulnerabilities
Summary: <media-gfx/imagemagick-7.0.5-7: Multiple Vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-9141, CVE-2017-9142
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-05 14:56 UTC by Volkan
Modified: 2017-09-17 21:06 UTC

See Also:
Package list:
Runtime testing required: ---


Description Volkan 2017-06-05 14:56:09 UTC
CVE-2017-9141 ImageMagick: Missing checks in the ReadDDSImage function
In ImageMagick a crafted file could trigger an assertion failure in the
ResetImageProfileIterator function in MagickCore/profile.c because of missing
checks in the ReadDDSImage function in coders/dds.c.

Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd

Upstream issue:
https://github.com/ImageMagick/ImageMagick/issues/489
------------------------------------------------------------------------------
CVE-2017-9142 ImageMagick: Missing checks in the ReadOneJNGImage function
In ImageMagick a crafted file could trigger an assertion failure in the
WriteBlob function in MagickCore/blob.c because of missing checks in the
ReadOneJNGImage function in coders/png.c.

Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a

Upstream issue:
https://github.com/ImageMagick/ImageMagick/issues/490