Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 643912 (CVE-2017-18022, CVE-2018-5246, CVE-2018-5247, CVE-2018-5248) - <media-gfx/imagemagick-{6.9.9.31,7.0.7.19}: Multiple memory leaks
Summary: <media-gfx/imagemagick-{6.9.9.31,7.0.7.19}: Multiple memory leaks
Status: RESOLVED FIXED
Alias: CVE-2017-18022, CVE-2018-5246, CVE-2018-5247, CVE-2018-5248
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-08 16:18 UTC by GLSAMaker/CVETool Bot
Modified: 2018-04-21 19:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-08 16:18:01 UTC
CVE-2018-5248 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5248):
  In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in
  coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode
  function.

CVE-2018-5247 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5247):
  In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in
  coders/rla.c.

CVE-2018-5246 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-5246):
  In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in
  coders/pattern.c.

CVE-2017-18022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18022):
  In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand
  in MagickWand/montage.c.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-04-21 19:18:59 UTC
This was done via bug 643560.