Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 16 Jan 2017 19:13:04 -0500
From: <cve-assign@...re.org>
To: <carnil@...ian.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<roucaries.bastien+debian@...il.com>
Subject: Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] coders/ipl.c: "ipl file missing malloc check"
> Debian Bug: https://bugs.debian.org/851485
> Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20

Use CVE-2016-10144.


> [] coders/wpg.c: off-by-one error
> Debian Bug: https://bugs.debian.org/851483
> Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9

Use CVE-2016-10145.


> [] magick/profile.c: double-free memory corruption
> Debian Bug: https://bugs.debian.org/851383
> Upstream Bug: https://github.com/ImageMagick/ImageMagick/issues/354
> Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb

Use CVE-2017-5506.


> [] coders/mpc.c: memory leak in mpc file handling
> Debian Bug: https://bugs.debian.org/851382
> Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738

Use CVE-2017-5507.


> [] PushQuantumPixel heap buffer-overflow
> Debian Bug: https://bugs.debian.org/851381
> Upstream report: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
> https://github.com/ImageMagick/ImageMagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175

Use CVE-2017-5508.


> [] memory leak in caption and label handling
> Debian Bug: https://bugs.debian.org/851380
> Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456

Use CVE-2016-10146.


> [] coders/psd.c: out-of-bounds write flaw in psd file handling
> Debian Bug: https://bugs.debian.org/851377
> Upstream report: https://github.com/ImageMagick/ImageMagick/issues/350

Use CVE-2017-5509.


> [] coders/psd.c: out-of-bounds write flaw in psd file handling
> (different issue from the above)
> Debian Bug: https://bugs.debian.org/851376
> Upstream report: https://github.com/ImageMagick/ImageMagick/issues/348

Use CVE-2017-5510.


> [] coders/psd.c: memory corruption heap overflow
> Debian Bug: https://bugs.debian.org/851374
> Upstream report: https://github.com/ImageMagick/ImageMagick/issues/347

Use CVE-2017-5511.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYfV+eAAoJEHb/MwWLVhi2QIcQALYMUMbHIVzC/24Y52Ew+i4A
r5V0YSNAC0vPdKoF4zbpOeeOfQjrvPhdM4t0cvcRZnzNvlig81CyB4O72791d6Gz
g6HJ0Gnmkl9evckmw4vT9zVknf1FZ+q3bMe1rRR2b8JfhI4ZMLaPQcc9r7KapN9C
pMh/Am+PT+h3OZN+GQQnPj5MHgr2znYROM1tiqi9roj4E5HTBJmGoDypd503TTI8
ljbje8cmCykJsy+te/qft5avhYujLkiVABu/jOgfxL+8lWXPWS8rRjgspgpt34Hl
S7J+L5FX5U2AAutwLxmzTM7sI+eyLWZtAJOBJ0tS0/mhQ236F1T7zwQRzSlhKxBY
1u/SbXLckTlXaeKqzxglSUUgJCFeCFLdMfT0jwlrP7wbMD8BxhHBAuiEulNRJOFA
JOrZAClEJv4toG2+Cd9CxDFosqaih2PB0uDIantimLB50zWBrytcNel7UMxrpH1K
QXYxUpuzc/Odr7KvuFS0n1QislNiRzdEIt9VnvF8RWrgBwYe/Xh78YGFgB8K0GdW
9gHoI9FOAAqP1g/+6Rwh2NJvIAraEthQQzPNNvazCKrCYeyCflMlc4uypAkFxyQS
Pw6B5RNiWcH1UewKJnglJpgMboXkEFMRjZg3ccLYTet9qn4M4bbn5m2iQGJQYzwn
6HF+uhc12KUYrnrDbJp2
=Io2X
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ