Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 29 May 2023 17:15:31 +0000
From: Bastien Roucariès <rouca@...ian.org>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Stack overflow in imagemagick coders/tiff.c

Le lundi 29 mai 2023, 08:11:18 UTC Bastien Roucariès a écrit :
Hi following this bug I will also ask a few other CVE for imagemagick tiff coder (BTW cc me I am not subscribed)

> Hi,

CVE#0
> 
> Reading changelog and code of imagemagick, I want to report a stack overflow with crafted tiff file in imagemagick
> 
> Fixed (after 6.9.12-26) by:
> https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023
> 
> Original reporter was Muhammad Aldo Firmansyah
> 
> Thanks 
> 
> Bastien (rouca)

CVE #1

commit 7dbefda1c14e32d7bc4d3762a3a54f3ddaa85dd1
Author: Dirk Lemstra <dirk@...stra.org>
Date:   Sat Feb 19 07:46:46 2022 +0100

    Raise exception when image could not be read but no exception was raised.
    
    Bail out in case of corrupted image
    
    https://github.com/ImageMagick/ImageMagick6/commit/3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b
    (cherry picked from commit 3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b)


CVE#2

commit 08f1e56a006d939dc85ddfab29e85579a65f4943
Author: Cristy <urban-warrior@...gemagick.org>
Date:   Fri Feb 11 10:46:49 2022 -0500

    Fix unintialised value
    
    bug: https://github.com/ImageMagick/ImageMagick/issues/4830
    origin:  https://github.com/ImageMagick/ImageMagick6/commit/409d42205927c98cbb852ca96e109716f38f04ab

CVE#3

commit fb2beb87936fc0155431f655a937e869a86edf16
Author: Cristy <urban-warrior@...gemagick.org>
Date:   Thu Mar 17 15:02:49 2022 -0400

    Fix buffer overrun in TIFF coder
    
    bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42549
    origin: https://github.com/ImageMagick/ImageMagick6/commit/de6ada9a068b01494bfb848024ed46942da9d238

commit 4e1a165888a6aa7230dbdd7c87f59aadd5dbedec
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Fri Dec 17 14:05:04 2021 -0500

    Fix buffer overrun in TIFF coder
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/add9cb14e14eef02806715d97abcf5d04a3e55dd

commit 1b899a81bfdfec4cbe1ec7458825c50f00144fdb
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Sun Mar 14 07:44:52 2021 -0400

    Fix buffer overrun in TIFF coder
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/2204eb57ae00b005b39165a47b8984eac01600a5

CVE#4

commit 01669597f665868cf1e4ccf27ab6fcd52aadaa43
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Sat Nov 6 09:01:26 2021 -0400

    early exit on exception
    
    In case of malformed tiff image bail early
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/b272acab91444f2115099fe51ee6c91bb4db5d50
    (cherry picked from commit b272acab91444f2115099fe51ee6c91bb4db5d50)


CVE#5
commit 506cdfbc6d246301be4b12ccdfc6d493c643deca
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Sat Sep 4 07:45:17 2021 -0400

    initialize buffer before calling TIFFGetField()
    
    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae

commit f4ac98518241b8074735314f27b7eb47ee823e57
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Fri Sep 3 19:45:32 2021 -0400

    Fix a non initialized value passed to TIFFGetField()
    
    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae

CVE#6

commit 0c1a7d649cfc31ec53f0f5c20c0e793df2512ac5
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Mon Jul 26 13:38:45 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245
    origin: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea

commit b0c59a56625aaa3a9c13bfe4f88e287c38e062c9
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Mon Jul 26 13:26:21 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    origin:  https://github.com/ImageMagick/ImageMagick6/commit/35b88c9166bc1b3ce8893f52217bae00d8e2c532
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245

commit b7882f2795db4e4e8f578cbe712dc4b81a47113f
Author: Cristy <mikayla-grace@...an-warrior.org>
Date:   Mon Jul 26 13:08:57 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    origin:  https://github.com/ImageMagick/ImageMagick6/commit/e1fbcdf3aad96d51db65c1601117396eac665a6d
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.