Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Feb 2017 08:19:36 -0600 (CST)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security@...ts.openwall.com
Subject: Re: Re: GraphicsMagick heap out of bounds write
 issue

This problem has been issued CVE-2017-6335.

The original reporter has tried to post CVE-assignment information to 
the list but the mail has not made it through yet.

Bob

On Fri, 24 Feb 2017, Bob Friesenhahn wrote:

> I would like to ammend this report in that the situation is a read beyond an 
> allocated heap buffer rather than a write beyond the end of an allocated heap 
> buffer as was originally reported.  The application may crash but should not 
> be otherwise compromised.
>
> Bob
>
> On Thu, 23 Feb 2017, Bob Friesenhahn wrote:
>
>> GraphicsMagick versions up to 1.3.25 encounter a write beyond an allocated 
>> heap buffer when reading CMYKA TIFF files which claim to offer fewer 
>> samples per pixel than required.
>> 
>> This is the tiffinfo description of the problematic TIFF file:
>> 
>> TIFF Directory at offset 0x808 (2056)
>>  Image Width: 34 Image Length: 48
>>  Bits/Sample: 8
>>  Sample Format: unsigned integer
>>  Compression Scheme: None
>>  Photometric Interpretation: separated
>>  Extra Samples: 1<unassoc-alpha>
>>  Orientation: row 0 top, col 0 lhs
>>  Samples/Pixel: 2
>>  Rows/Strip: 32
>>  Planar Configuration: single image plane
>> 
>> The fix for this is Mercurial changeset 14998:6156b4c2992d which may be 
>> viewed at SourceForge via this link:
>> 
>> https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
>> 
>> A minimal patch to correct the problem is attached.
>> 
>> This issue was reported to us on February 15, 2017 by Valon Chu.
>> 
>> Bob
>> 
>
>

-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.