Date: Tue, 28 Feb 2017 08:19:36 -0600 (CST) From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> To: oss-security@...ts.openwall.com Subject: Re: Re: GraphicsMagick heap out of bounds write issue This problem has been issued CVE-2017-6335. The original reporter has tried to post CVE-assignment information to the list but the mail has not made it through yet. Bob On Fri, 24 Feb 2017, Bob Friesenhahn wrote: > I would like to ammend this report in that the situation is a read beyond an > allocated heap buffer rather than a write beyond the end of an allocated heap > buffer as was originally reported. The application may crash but should not > be otherwise compromised. > > Bob > > On Thu, 23 Feb 2017, Bob Friesenhahn wrote: > >> GraphicsMagick versions up to 1.3.25 encounter a write beyond an allocated >> heap buffer when reading CMYKA TIFF files which claim to offer fewer >> samples per pixel than required. >> >> This is the tiffinfo description of the problematic TIFF file: >> >> TIFF Directory at offset 0x808 (2056) >> Image Width: 34 Image Length: 48 >> Bits/Sample: 8 >> Sample Format: unsigned integer >> Compression Scheme: None >> Photometric Interpretation: separated >> Extra Samples: 1<unassoc-alpha> >> Orientation: row 0 top, col 0 lhs >> Samples/Pixel: 2 >> Rows/Strip: 32 >> Planar Configuration: single image plane >> >> The fix for this is Mercurial changeset 14998:6156b4c2992d which may be >> viewed at SourceForge via this link: >> >> https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/ >> >> A minimal patch to correct the problem is attached. >> >> This issue was reported to us on February 15, 2017 by Valon Chu. >> >> Bob >> > > -- Bob Friesenhahn bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ