Date: Tue, 28 Feb 2017 08:19:36 -0600 (CST)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security@...ts.openwall.com
Subject: Re: Re: GraphicsMagick heap out of bounds write issue

This problem has been issued CVE-2017-6335.

The original reporter has tried to post CVE-assignment information to 
the list but the mail has not made it through yet.

Bob

On Fri, 24 Feb 2017, Bob Friesenhahn wrote:

> I would like to amend this report in that the situation is a read beyond an 
> allocated heap buffer rather than a write beyond the end of an allocated heap 
> buffer as was originally reported.  The application may crash but should not 
> be otherwise compromised.
>
> Bob
>
> On Thu, 23 Feb 2017, Bob Friesenhahn wrote:
>
>> GraphicsMagick versions up to 1.3.25 encounter a write beyond an allocated 
>> heap buffer when reading CMYKA TIFF files which claim to offer fewer 
>> samples per pixel than required.
>> 
>> This is the tiffinfo description of the problematic TIFF file:
>> 
>> TIFF Directory at offset 0x808 (2056)
>>  Image Width: 34 Image Length: 48
>>  Bits/Sample: 8
>>  Sample Format: unsigned integer
>>  Compression Scheme: None
>>  Photometric Interpretation: separated
>>  Extra Samples: 1<unassoc-alpha>
>>  Orientation: row 0 top, col 0 lhs
>>  Samples/Pixel: 2
>>  Rows/Strip: 32
>>  Planar Configuration: single image plane
>> 
>> The fix for this is Mercurial changeset 14998:6156b4c2992d which may be 
>> viewed at SourceForge via this link:
>> 
>> https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
>> 
>> A minimal patch to correct the problem is attached.
>> 
>> This issue was reported to us on February 15, 2017 by Valon Chu.
>> 
>> Bob
>> 
>
>

-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
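The quoted tiffinfo output describes a file that is tagged as separated (CMYK) with one extra alpha sample, yet declares only 2 samples per pixel; a decoder that sizes its buffer from SamplesPerPixel but consumes channels based on Photometric plus ExtraSamples reads past the allocation. The following is an added, stand-alone C example (not GraphicsMagick or libtiff code) that shows the consistency check a reader should apply to such a directory; the struct, the function names and the constructed directory values are assumptions, and the PHOTOMETRIC_* values mirror libtiff's tag definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Photometric tag values as defined by the TIFF specification (same values libtiff uses). */
enum { PHOTOMETRIC_MINISWHITE = 0, PHOTOMETRIC_MINISBLACK = 1,
       PHOTOMETRIC_RGB = 2, PHOTOMETRIC_SEPARATED = 5 };

/* Hypothetical parsed TIFF directory: just the fields the check needs. */
typedef struct {
    uint32_t width, height;
    uint16_t bits_per_sample;
    uint16_t samples_per_pixel;   /* SamplesPerPixel as declared in the file */
    uint16_t photometric;
    uint16_t extra_samples;       /* number of entries in the ExtraSamples tag */
} tiff_dir_t;

/* Colour channels implied by the photometric interpretation alone. */
static unsigned base_channels(uint16_t photometric) {
    switch (photometric) {
        case PHOTOMETRIC_RGB:       return 3;
        case PHOTOMETRIC_SEPARATED: return 4;   /* CMYK */
        default:                    return 1;   /* grayscale / bilevel */
    }
}

/* Samples per pixel a decoder consumes if it trusts Photometric + ExtraSamples. */
unsigned required_samples(uint16_t photometric, uint16_t extra_samples) {
    return base_channels(photometric) + extra_samples;
}

/* Scanline bytes the buffer is sized for, from the declared SamplesPerPixel. */
size_t declared_scanline_bytes(const tiff_dir_t *d) {
    return (size_t)d->width * d->samples_per_pixel * ((d->bits_per_sample + 7u) / 8u);
}

/* Scanline bytes actually read when every promised channel is consumed. */
size_t consumed_scanline_bytes(const tiff_dir_t *d) {
    return (size_t)d->width * required_samples(d->photometric, d->extra_samples)
           * ((d->bits_per_sample + 7u) / 8u);
}

/* Reject a directory whose SamplesPerPixel cannot hold the channels its other tags promise;
 * a reader that accepts it would read consumed - declared bytes past the scanline buffer. */
bool samples_consistent(const tiff_dir_t *d) {
    return d->samples_per_pixel >= required_samples(d->photometric, d->extra_samples);
}
```

For the directory in the tiffinfo listing (34 wide, 8 bits, separated, 1 extra sample, 2 samples/pixel) the check fails: 5 samples are required, and a trusting decoder reads 170 bytes per scanline from a 68-byte buffer.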
