Date: Thu, 04 Jun 2015 12:08:20 +0530 From: Siddharth Sharma <sisharma@...hat.com> To: oss-security@...ts.openwall.com Cc: Yury German <yury@...hnologysecure.com>, jodie.cunningham+osssecurity@...il.com Subject: Re: Imagemagick fuzzing bug On Saturday, January 17, 2015 13:06:07 Yury German wrote: > Do we have a CVE assigned to this by chance? > > > On Dec 24, 2014, at 6:22 AM, Bastien ROUCARIES > > <roucaries.bastien@...il.com> wrote: > > > > Hi, > > > > during the previous month google and Jodie Cunningham. > > > > have done a security audit of imagemagick and found a lot of security bug: > > * Avoid a DOS in vision.c due to an infinite loop. > > * Avoid a SEGV due to a corrupted pnm file. > > * Do not leak fd due to corrupted file. > > * Fix a double free in pdb coder. > > * Fix a SEGV due to corrupted dpc and xwd images. > > * Fix a SEGV in dpx file handler. > > * Fix a SEGV in malformed xwd file handler. > > * Avoid a NULL pointer dereference in ps file handling. > > * Fix a crash with corrupted viff file. > > * Fix a NULL pointer dereference in wpg file handling. > > * Do not continue on corrupted wpg file. > > * Avoid an out of bound access in viff image. > > * Avoid a heap buffer overflow in pdb file handling. > > * Avoid an out of bound acess on malformed sun file. > > * Avoid heap overflow in palm, pnm and xpm files. > > * Fix heap overflow in quantum, palm and psd file. > > * Fix handling of corrupted of psd, sun and xpm file. > > * Fix corrupted (too many colors) psd file. > > * Fix an out of bound acess in sun file. > > * Fix handling of corrupted sun and wpg file. > > * Fix heap overflow in pcx file, psd, pict and wpf files > > > > and DOS in xpm files. > > > > * Add additional PNM sanity checks. > > * Avoid a crash to out of memory in magick/cache.c > > * Fix a theorical out of bound access in magick/colormap-private.h > > * Fix an out of bound access in palm file. > > * Fixed throwing of exceptions in psd handling and fix a memory leak. > > * Fixed boundary checks in DecodePSDPixels. > > * Fix another out of bound problem in rle file. > > * Fix crash due to corrupted dib file. > > * Added checks to prevent overflow in rle file. > > * Impose a limit of 10 million columns or rows in an input PNG > > * Don't try to handle a "previous" image in the JNG decoder. > > * Avoid a memory leak in quantum management. > > * Avoid a crash in png coder. > > * Thread limit should be at least 1 in order to be efficient. > > * In psd file handling fixed parsing resource block and > > > > avoid a crash. > > > > * In cache fix usage of object after it has been destroyed. > > * Avoid a memory leak in rle file handling. > > * During identification of image do not fill memory > > > > Patch queue is here: > > http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-> > patches/22.214.171.124-4-for-upstream It has been quite a while this thread seems dead, hence wanted to ask if any of the above mentioned security issue got CVE assigned or these are not considered to get CVEs and to be fixed as it is ? Regards, -- Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A Fingerprint : 0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ