Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 04 Jun 2015 12:08:20 +0530
From: Siddharth Sharma <sisharma@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Yury German <yury@...hnologysecure.com>,
        jodie.cunningham+osssecurity@...il.com
Subject: Re: Imagemagick fuzzing bug

On Saturday, January 17, 2015 13:06:07 Yury German wrote:
> Do we have a CVE assigned to this by chance?
> 
> > On Dec 24, 2014, at 6:22 AM, Bastien ROUCARIES
> > <roucaries.bastien@...il.com> wrote:
> > 
> > Hi,
> > 
> > during the previous month google and Jodie Cunningham.
> > 
> > have done a security audit of imagemagick and found a lot of security bug:
> >  * Avoid a DOS in vision.c due to an infinite loop.
> >  * Avoid a SEGV due to a corrupted pnm file.
> >  * Do not leak fd due to corrupted file.
> >  * Fix a double free in pdb coder.
> >  * Fix a SEGV due to corrupted dpc and xwd images.
> >  * Fix a SEGV in dpx file handler.
> >  * Fix a SEGV in malformed xwd file handler.
> >  * Avoid a NULL pointer dereference in ps file handling.
> >  * Fix a crash with corrupted viff file.
> >  * Fix a NULL pointer dereference in wpg file handling.
> >  * Do not continue on corrupted wpg file.
> >  * Avoid an out of bound access in viff image.
> >  * Avoid a heap buffer overflow in pdb file handling.
> >  * Avoid an out of bound acess on malformed sun file.
> >  * Avoid heap overflow in palm, pnm and xpm files.
> >  * Fix heap overflow in quantum, palm and psd file.
> >  * Fix handling of corrupted of psd, sun and xpm file.
> >  * Fix corrupted (too many colors) psd file.
> >  * Fix an out of bound acess in sun file.
> >  * Fix handling of corrupted sun and wpg file.
> >  * Fix heap overflow in pcx file, psd, pict and wpf files
> >  
> >    and DOS in xpm files.
> >  
> >  * Add additional PNM sanity checks.
> >  * Avoid a crash to out of memory in magick/cache.c
> >  * Fix a theorical out of bound access in magick/colormap-private.h
> >  * Fix an out of bound access in palm file.
> >  * Fixed throwing of exceptions in psd handling and fix a memory leak.
> >  * Fixed boundary checks in DecodePSDPixels.
> >  * Fix another out of bound problem in rle file.
> >  * Fix crash due to corrupted dib file.
> >  * Added checks to prevent overflow in rle file.
> >  * Impose a limit of 10 million columns or rows in an input PNG
> >  * Don't try to handle a "previous" image in the JNG decoder.
> >  * Avoid a memory leak in quantum management.
> >  * Avoid a crash in png coder.
> >  * Thread limit should be at least 1 in order to be efficient.
> >  * In psd file handling fixed parsing resource block and
> >  
> >    avoid a crash.
> >  
> >  * In cache fix usage of object after it has been destroyed.
> >  * Avoid a memory leak in rle file handling.
> >  * During identification of image do not fill memory
> > 
> > Patch queue is here:
> > http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-> > patches/6.8.9.9-4-for-upstream
It has been quite a while this thread seems dead, hence wanted to ask if any 
of the above mentioned security issue got CVE assigned or these are not 
considered to get CVEs and to be fixed as it is ? 

Regards,
-- 
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A      
Fingerprint :  0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.