Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 4 Dec 2016 22:17:35 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
> 
> The problem is that the embedded JPEG data claims to have dimensions 
> 5939556833 and
> this is only learned after we are in the JPEG reader.
> 
> AddressSanitizer failed to allocate 0xfb8065000 bytes of LargeMmapAllocator
> 
> MagickRealloc ... GraphicsMagick-1.3.24/magick/memory.c:471:18
> OpenCache ... GraphicsMagick-1.3.24/magick/pixel_cache.c:3155:7


>> From: Bob Friesenhahn
>> Date: Thu, 1 Dec 2016 21:20:13 -0600 (CST)
>> ...
>> We did make an unreleased fix (Mercurial changeset 14953:38d0f281e8c8,
>> and earlier changeset 14831:28c0bb8bf89a), but perhaps not the way you
>> like. The fix which was made was to require that the embedded JPEG
>> data has the same dimensions as the containing JNG file. The existing
>> resource limit mechanism would then allow the user to constrain the
>> size of the JNG image. The default constraints in a 64-bit build are
>> larger than what the JPEG format supports.

Use CVE-2016-9830.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYRNjcAAoJEHb/MwWLVhi2unEP/026aCl/yFoWW+oA6eBTE90K
crzLOqQvjd0xCLXZtZJzRYn1WD1YUm+2ViYpAWScUzazeqqQbdrESua2oHBUt9wJ
9MB0fHmxrt/X4FYeudBB98Jvm5d+fUs7OYNg6nlEUeeOVLyU8hSTbn6s0FVGp7TT
ewBIlJTixW76jKB63DNDZ6lVc/UvYgCzaYiR5SfjXRWjfddQZjtgbsxDb3B+iQ4s
kAbtvPDknfia5B0dewSogp7A0e5I2wfanhTWQRCYO7hTJFH7BhRd4u/Sj6bHn8WB
mxm9kq/ghCzG3vHRelZLIXp6rQ0LR5x9BfjCfFMU5PwEbWGpH/z0Omie5XsSH5hk
YR0Erj9BUBthPAeRCFYbkl9yhUfIn14d6Oj8SyMHto6FZ7kutFeWp1M/zQStXN2w
U/zKpHE1aOknMW0mGqenRI5BS5bhbR+KHimPfQVdTG/1DcbhPblsrpisChP4R4Nl
zwS2C5AYusq0jhAlJM+dFOIXyDM5t5tkP/Iqb+Xhks5SNnu67vl4t47JSY4nONgF
0MP2myZ0GtvkTI2AUDKFxapC2+LWNfOIqNAiIRino5ydLsvEke5jiglesTnEsI5S
/k65wgNAGUNHRi3+unBMeeOBxuPRFliLi+zj/GOvWPz1voZ4oMPFdrY2AG1jOJvx
HpRkWF3tQVXvCyW5QUgX
=ES9U
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ