Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 904357 (CVE-2023-1906) - <media-gfx/imagemagick-{6.9.12.84, 7.1.1.6}: Multiple vulnerabilities
Summary: <media-gfx/imagemagick-{6.9.12.84, 7.1.1.6}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2023-1906
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 905295
Blocks:
  Show dependency tree
 
Reported: 2023-04-15 08:00 UTC by Sam James
Modified: 2024-05-04 06:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-04-15 08:00:12 UTC
* CVE-2023-1906 (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247)

"A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service."

* No CVE (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr)

"A specially created SVG file that loads by itself and make segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file."
Comment 1 Larry the Git Cow gentoo-dev 2023-04-15 08:08:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de00957023df685dd3802adbb29a19265f0c0d45

commit de00957023df685dd3802adbb29a19265f0c0d45
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-15 08:07:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-04-15 08:07:23 +0000

    media-gfx/imagemagick: add 6.9.12.84
    
    Bug: https://bugs.gentoo.org/904357
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/imagemagick/Manifest                     |   1 +
 media-gfx/imagemagick/imagemagick-6.9.12.84.ebuild | 271 +++++++++++++++++++++
 2 files changed, 272 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1886cc41914b916e56044289e385dab34496178

commit b1886cc41914b916e56044289e385dab34496178
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-15 07:57:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-04-15 08:07:23 +0000

    media-gfx/imagemagick: add 7.1.1.6
    
    Bug: https://bugs.gentoo.org/904357
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/imagemagick/Manifest                   |   1 +
 media-gfx/imagemagick/imagemagick-7.1.1.6.ebuild | 281 +++++++++++++++++++++++
 2 files changed, 282 insertions(+)
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2023-05-06 20:36:24 UTC
Cleanup done
Comment 3 Larry the Git Cow gentoo-dev 2024-05-04 06:14:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4a7120d937eaaec2a14046c3d00320bd902c32bf

commit 4a7120d937eaaec2a14046c3d00320bd902c32bf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 06:13:29 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 06:14:05 +0000

    [ GLSA 202405-02 ] ImageMagick: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/835931
    Bug: https://bugs.gentoo.org/843833
    Bug: https://bugs.gentoo.org/852947
    Bug: https://bugs.gentoo.org/871954
    Bug: https://bugs.gentoo.org/893526
    Bug: https://bugs.gentoo.org/904357
    Bug: https://bugs.gentoo.org/908082
    Bug: https://bugs.gentoo.org/917594
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-02.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)