Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 20 Dec 2019 13:11:08 +0530
From: Mohammad Tausif Siddiqui <msiddiqu@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE requests: three vulnerabilities in ImageMagick

Hi Galycannon,

Whom did you request the CVE ? Please follow this:
https://cve.mitre.org/cve/request_id.html

On Thu, Dec 19, 2019 at 5:14 PM GalyCannon <galycannon@...il.com> wrote:

> Hi,
>    I have found three vulnerabilities in ImageMagick and all this have
> patched by ImageMagick developer team. However, I requested cve ids for
> these vulveribilities and get no any response. How should I  request CVE
> ids for vulnerilities I found in ImageMagick now? Which CNA should I
> contact with to assign CVE ids for open source software such as
> imagemagick?
>    The three vulnerabilities details as below.
>     1. heap-buffer-overflow in WritePNGImage of png.c
> [Suggested description]
> In ImageMagick  7.0.8-43  and ImageMagick6  6.9.10-43, there is a
> heap-buffer-overflow overflow in the function WritePNGImage of png.c ,
> which allows remote attackers to cause  arbitrary code execution, denial of
> service or possibly have unspecified other impact via a crafted image file
> .
> [Vendor of Product]
> https://imagemagick.org
> [Affected Component]
> function WritePNGImage of png.c
> [Attack Type]
> Remote
> [Attack Vectors]
> magick convert $poc ./test.png
> [Reference]
> https://github.com/ImageMagick/ImageMagick/issues/1561
>
> https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce
>
>
> https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617
>
> [Discoverer]
> galycannon of JDCloud Security Team
>
>    2. heap-buffer-overflow in WriteSGIImage of coders/sgi.c
> [Suggested description]
> In ImageMagick  7.0.8-43  and ImageMagick6  6.9.10-43, there is a
> heap-buffer-overflow overflow in the function WriteSGIImage of coders/sgi.c
> , which allows remote attackers to cause  arbitrary code execution, denial
> of service or possibly have unspecified other impact via a crafted image
> file  .
> [Vendor of Product]
> https://imagemagick.org
> [Affected Component]
> function WriteSGIImage of coders/sgi.c
> [Attack Type]
> Remote
> [Attack Vectors]
> magick convert $poc ./test.sgi
> [Reference]
> https://github.com/ImageMagick/ImageMagick/issues/1562
>
> https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c
>
>
> https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54
>
> [Discoverer]
> galycannon of JDCloud Security Team
>
>  3. heap-use-after-free in MngInfoDiscardObject of coders/png.c
> [Suggested description]
> In ImageMagick   7.0.9-7, there is a heap-use-after-free in function
> MngInfoDiscardObject of coders/png.c , which allows remote attackers to
> cause  arbitrary code execution, denial of service or possibly have
> unspecified other impact via a crafted image file  .
> [Vendor of Product]
> https://imagemagick.org
> [Affected Component]
> function MngInfoDiscardObject of coders/png.c
> [Attack Type]
> Remote
> [Attack Vectors]
> magick convert $poc /dev/null
> [Reference]
> https://github.com/ImageMagick/ImageMagick/issues/1791
>
> https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c
>
> [Discoverer]
> galycannon of JDCloud Security Team
>
> Regards,
> galycannon
>


-- 

Tausif Siddiqui

Red Hat Product Security

0EE1 F6BF 8991 9A65 0A79  A0A7 5849 60EC 88B8 2C71

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.