oss-sec mailing list archives
Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)
From: cve-assign () mitre org
Date: Thu, 22 Sep 2016 01:17:20 -0400 (EDT)
Date: Sun, 7 Aug 2016 17:12:15 +0200
off-by-one error leading to segfault:
Debian Bug: https://bugs.debian.org/832455
Additional references:
----------------------
https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723

Use CVE-2016-7513.

out-of-bounds read in coders/psd.c:
Debian Bug: https://bugs.debian.org/832457
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1533442
https://github.com/ImageMagick/ImageMagick/issues/83
https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f
https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
AddressSanitizer: heap-buffer-overflow READ of size 1

Use CVE-2016-7514.

rle file handling for corrupted file:
Debian Bug: https://bugs.debian.org/832461
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1533445
https://github.com/ImageMagick/ImageMagick/issues/82
https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
AddressSanitizer: heap-buffer-overflow READ of size 1

Use CVE-2016-7515.

buffer overflow in sun file handling:
Debian Bug: https://bugs.debian.org/832464
Additional references:
----------------------
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4

Use CVE-2015-8957.

potential DOS in sun file handling due to malformed files:
Debian Bug: https://bugs.debian.org/832465
Additional references:
----------------------
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105

Use CVE-2015-8958.
out of bounds problem in rle, pict, viff and sun files:
Debian Bug: https://bugs.debian.org/832467

https://bugs.launchpad.net/bugs/1533452
https://github.com/ImageMagick/ImageMagick/issues/77
AddressSanitizer: heap-buffer-overflow READ of size 4 viff.c

Use CVE-2016-7516.

https://bugs.launchpad.net/bugs/1533449
https://github.com/ImageMagick/ImageMagick/issues/80
AddressSanitizer: heap-buffer-overflow READ of size 1 pict.c

Use CVE-2016-7517.

https://bugs.launchpad.net/bugs/1533447
https://github.com/ImageMagick/ImageMagick/issues/81
AddressSanitizer: heap-buffer-overflow READ of size 1 sun.c

Use CVE-2016-7518.

https://bugs.launchpad.net/bugs/1533445
https://github.com/ImageMagick/ImageMagick/issues/82
AddressSanitizer: heap-buffer-overflow READ of size 1 rle.c

Use CVE-2016-7519.
heap overflow in hdr file handling:
Debian Bug: https://bugs.debian.org/832469
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537213
https://github.com/ImageMagick/ImageMagick/issues/90
https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
AddressSanitizer: heap-buffer-overflow READ of size 1

Use CVE-2016-7520.

heap buffer overflow in psd file handling:
Debian Bug: https://bugs.debian.org/832474
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537418
https://github.com/ImageMagick/ImageMagick/issues/92
https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
AddressSanitizer: heap-buffer-overflow READ of size 1

Use CVE-2016-7521.

out of bound access for malformed psd file:
Debian Bug: https://bugs.debian.org/832475
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537419
https://github.com/ImageMagick/ImageMagick/issues/93
https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
AddressSanitizer: heap-buffer-overflow READ of size 2

Use CVE-2016-7522.

meta file out of bound access:
Debian Bug: https://bugs.debian.org/832478
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537420
https://github.com/ImageMagick/ImageMagick/issues/96
https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6
https://github.com/ImageMagick/ImageMagick/commit/5a34d7ac889bd6645f6cfd164636e3efb56dbb2f

We are not sure that we understand this set of references. bugs/1537420 does not link to issues/96. We will assign separate CVE IDs for these pairs of references:

https://bugs.launchpad.net/bugs/1537420
https://github.com/ImageMagick/ImageMagick/issues/94
AddressSanitizer: heap-buffer-overflow READ of size 1 meta.c:496

Use CVE-2016-7523.

https://bugs.launchpad.net/bugs/1537422
https://github.com/ImageMagick/ImageMagick/issues/96
AddressSanitizer: heap-buffer-overflow READ of size 1 meta.c:465

Use CVE-2016-7524.

heap buffer overflow in psd file coder:
Debian Bug: https://bugs.debian.org/832480
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537424
https://github.com/ImageMagick/ImageMagick/issues/98
https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
AddressSanitizer: heap-buffer-overflow READ of size 1

Use CVE-2016-7525.
out of bound access in wpg file coder:
Debian Bug: https://bugs.debian.org/832482
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539050
https://bugs.launchpad.net/bugs/1542115
https://github.com/ImageMagick/ImageMagick/issues/102
https://github.com/ImageMagick/ImageMagick/issues/122
https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41

We will assign separate CVE IDs for these subsets of the references:

https://bugs.launchpad.net/bugs/1539050
https://github.com/ImageMagick/ImageMagick/issues/102
https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
AddressSanitizer: heap-buffer-overflow WRITE of size 2

Use CVE-2016-7526.

https://bugs.launchpad.net/bugs/1542115
https://github.com/ImageMagick/ImageMagick/issues/122
https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
AddressSanitizer: global-buffer-overflow READ of size 4096

Use CVE-2016-7527.

out of bound access for viff file coder:
Debian Bug: https://bugs.debian.org/832483
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1537425
https://github.com/ImageMagick/ImageMagick/issues/99
https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
AddressSanitizer: SEGV on unknown address

Use CVE-2016-7528.

out of bound access in xcf file coder:
Debian Bug: https://bugs.debian.org/832504
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539051
https://bugs.launchpad.net/bugs/1539052
https://github.com/ImageMagick/ImageMagick/issues/104
https://github.com/ImageMagick/ImageMagick/issues/103
https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
AddressSanitizer: heap-buffer-overflow READ of size 1

Use CVE-2016-7529.
out of bound in quantum handling:
Debian Bug: https://bugs.debian.org/832506
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539067
https://bugs.launchpad.net/bugs/1539053
https://github.com/ImageMagick/ImageMagick/issues/105
https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
https://github.com/ImageMagick/ImageMagick/issues/110
https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
AddressSanitizer: heap-buffer-overflow WRITE of size 1

Use CVE-2016-7530.

pbd file out of bound access:
Debian Bug: https://bugs.debian.org/832633
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539061
https://bugs.launchpad.net/bugs/1542112
https://github.com/ImageMagick/ImageMagick/issues/107
AddressSanitizer: heap-buffer-overflow WRITE of size 28 WRITE of size 1

Use CVE-2016-7531.

Fix handling of corrupted psd file:
Debian Bug: https://bugs.debian.org/832776
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1539066
https://github.com/ImageMagick/ImageMagick/issues/109
AddressSanitizer: heap-buffer-overflow READ of size 5632

Use CVE-2016-7532.

wpg file out of bound for corrupted file:
Debian Bug: https://bugs.debian.org/832780
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1542114
https://github.com/ImageMagick/ImageMagick/issues/120
https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
AddressSanitizer: heap-buffer-overflow READ of size 1

Use CVE-2016-7533.

out of bound access in generic decoder:
Debian Bug: https://bugs.debian.org/832785
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1542785
https://github.com/ImageMagick/ImageMagick/issues/126
https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
AddressSanitizer: heap-buffer-overflow WRITE of size 2

Use CVE-2016-7534.

out of bound access for corrupted psd file:
Debian Bug: https://bugs.debian.org/832787
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1545180
https://github.com/ImageMagick/ImageMagick/issues/128
AddressSanitizer: heap-buffer-overflow WRITE of size 1

Use CVE-2016-7535.

SEGV reported in corrupted profile handling:
Debian Bug: https://bugs.debian.org/832789
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1545367
https://github.com/ImageMagick/ImageMagick/issues/130
https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
AddressSanitizer: SEGV on unknown address

Use CVE-2016-7536.

out of bound access for corrupted pdb file:
Debian Bug: https://bugs.debian.org/832791
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1553366
https://github.com/ImageMagick/ImageMagick/issues/143
https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
AddressSanitizer: heap-buffer-overflow READ of size 128

Use CVE-2016-7537.

SIGABRT for corrupted pdb file:
Debian Bug: https://bugs.debian.org/832793
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1556273
https://github.com/ImageMagick/ImageMagick/issues/148
https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
AddressSanitizer: heap-buffer-overflow WRITE of size 65700

Use CVE-2016-7538.
DOS due to corrupted DDS files:
Debian Bug: https://bugs.debian.org/832944
Additional references:
----------------------
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
https://github.com/ImageMagick/ImageMagick/commit/93ab016764c7f787829d9065440d86f5609765110

This has a stray '9' character. It is supposed to be:
https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110

https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4

Use CVE-2015-8959 for this entire coders/dds.c report from 2015.

DOS due to corrupted DDS files:
Debian Bug: https://bugs.debian.org/832942
Additional references:
----------------------
https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2

Use CVE-2014-9907 for this entire coders/dds.c report from 2014.

potential DOS by not releasing memory:
Debian Bug: https://bugs.debian.org/833101
Additional references:
----------------------
Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946

Use CVE-2016-7539.

writing to rgf format aborts:
Debian Bug: https://bugs.debian.org/827643
Additional references:
----------------------
https://bugs.launchpad.net/bugs/1594060
https://github.com/ImageMagick/ImageMagick/pull/223
Use CVE-2016-7540.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) Salvatore Bonaccorso (Aug 07)
- Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS) cve-assign (Sep 21)