oss-sec mailing list archives
CVE requests for various ImageMagick issues
From: anarcat () debian org (Antoine Beaupré)
Date: Tue, 20 Dec 2016 13:06:29 -0500
Hi,

The Debian security tracker has a number of unassigned security issues that I have been working on in the last week as part of the Debian LTS project. I am hereby requesting CVE identifiers for the following (20) issues.

It is unclear why upstream hasn't requested those themselves, but I assume, given the time since those issues were discovered, that they will not proceed with requests themselves and there should be no duplicates here. The Debian security team is very diligent in handling CVEs and if there were identifiers already issued for those issues, they would have been sorted out already.

I include the Debian bug numbers, the upstream commit and, when possible, the upstream issue where more discussions sometimes took place. I also include a Debian-specific reference URL that we use internally to keep track of the issue which shows which versions of Debian are fixed and other notes. Some issues also include when the issue was fixed upstream in cases where it was obvious in the commitlog or Debian release process.

All commits are on the ImageMagick 7 and generally have a counterpart on the 6 branch, available in Debian or upstream, unless otherwise noted.

It is the first time I request a large number of CVE identifiers. I have tried to provide as many details as I could. Given the amount of information actually available upstream, this has proven to be difficult. I hope the format is acceptable and the information sufficient; I would welcome any feedback as to how to improve this process.

I would also like to remind the list that the following request is still pending CVE IDs:

http://www.openwall.com/lists/oss-security/2016/02/22/4

Thanks in advance.
Off-by-one count when parsing an 8BIM profile
=============================================

Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767240
Reference URL: https://security-tracker.debian.org/767240
Upstream commit: N/A
Upstream issue: N/A
Upstream version fixed: 6.8.9-9

I could not find which exact commit patched this specific vulnerability. All other issues reported here have patches attached. Sorry for the inconvenience.

Buffer overflow in draw.c
=========================

Debian bug: https://bugs.debian.org/833730
Reference URL: https://security-tracker.debian.org/833730
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
Upstream issue: N/A
Upstream version fixed: 6.9.5-5

memory leak in XML file transversal
===================================

Debian bug: https://bugs.debian.org/833732
Reference URL: https://security-tracker.debian.org/833732
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
Upstream issue: N/A
Upstream version fixed: 6.9.4-7

arbitrary module loading due to not escaping relative path
==========================================================

Debian bug: https://bugs.debian.org/833735
Reference URL: https://security-tracker.debian.org/833735
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
Upstream issue: N/A
Upstream version fixed: 6.9.4-7

Buffer overflow when reading corrupt RLE files
==============================================

Debian bug: https://bugs.debian.org/833743
Reference URL: https://security-tracker.debian.org/833743
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
Upstream issue: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
Upstream version fixed: 6.9.4-4

Heap overflow when reading corrupt RLE files
============================================

Debian bug: https://bugs.debian.org/833744
Reference URL: https://security-tracker.debian.org/833744
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
Upstream issue: N/A
Upstream version fixed: 6.9.4-8

Use after free when using identify or convert
=============================================

Debian bug: https://bugs.debian.org/834183
Reference URL: https://security-tracker.debian.org/834183
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521
Upstream issue: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
Upstream version fixed: 6.9.5-5

Out-of-bound in exif (jpeg) reader
==================================

Debian bug: https://bugs.debian.org/834501
Reference URL: https://security-tracker.debian.org/834501
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742
Upstream issue: N/A
Upstream version fixed: 6.9.5-6

TIFF divide by zero
===================

Debian bug: https://bugs.debian.org/836171
Reference URL: https://security-tracker.debian.org/836171
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
Upstream issue: N/A
Upstream version fixed: 6.9.5-8

Buffer overflow in SIXEL, PDB, MAP, and CALS coders
===================================================

Debian bug: https://bugs.debian.org/836172
Reference URL: https://security-tracker.debian.org/836172
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
Upstream issue: N/A
Upstream version fixed: 6.9.5-8

Memory leak in psd file handling
================================

Debian bug: https://bugs.debian.org/845239
Reference URL: https://security-tracker.debian.org/845239
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
Upstream issue: N/A
Upstream version fixed: 6.9.6-3

TIFF file buffer overflow
=========================

Debian bug: https://bugs.debian.org/845195
Reference URL: https://security-tracker.debian.org/845195
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
Upstream issue: N/A
Upstream version fixed: 6.9.4-1

Check return of write function
==============================

Debian bug: https://bugs.debian.org/845196
Reference URL: https://security-tracker.debian.org/845196
Upstream commit:
- https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
- https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/196
Upstream version fixed: 7.0.1-10

The above fixes may be incomplete, according to the upstream issue. In addition, the -6 branch seems to have an incomplete fix as well.

Check validity of extend during TIFF file reading
=================================================

Debian bug: https://bugs.debian.org/845198
Reference URL: https://security-tracker.debian.org/845198
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
Upstream issue: N/A
Upstream version fixed: 6.9.5-1

Better check for bufferoverflow for TIFF handling
=================================================

Debian bug: https://bugs.debian.org/845202
Reference URL: https://security-tracker.debian.org/845202
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
Upstream issue: N/A
Upstream version fixed: 6.9.5-1

Fix out of bound read in viff file handling
===========================================

Debian bug: https://bugs.debian.org/845212
Reference URL: https://security-tracker.debian.org/845212
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/129
Upstream version fixed: 7.0.1-0

Suspend exception processing if there are too many exceptions
=============================================================

Debian bug: https://bugs.debian.org/845213
Reference URL: https://security-tracker.debian.org/845213
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
Upstream issue: N/A
Upstream version fixed: 6.9.4-5

Commit against 6 branch, unknown if fixed or relevant on 7 branch.

This commit may also be necessary to trigger exceptions early:

https://github.com/ImageMagick/ImageMagick/commit/f6e9d0d9955e85bdd7540b251cd50d598dacc5e6

Prevent fault in MSL interpreter
================================

Debian bug: https://bugs.debian.org/845241
Reference URL: https://security-tracker.debian.org/845241
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
Upstream issue: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
Upstream version fixed: 6.9.6-4

Add check for invalid mat file
==============================

Debian bug: https://bugs.debian.org/845244
Reference URL: https://security-tracker.debian.org/845244
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
Upstream issue: N/A
Upstream version fixed: 6.9.4-5

Commit against 6 branch, unknown if fixed or relevant on 7 branch.

mat file out of bound
=====================

Debian bug: https://bugs.debian.org/845246
Reference URL: https://security-tracker.debian.org/845246
Upstream commit:
- https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
- https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/131
Upstream version fixed: 6.9.4-0

Commits against 6 branch, unknown if fixed or relevant on 7 branch.
Current thread:
- CVE requests for various ImageMagick issues Antoine Beaupré (Dec 20)
- Re: CVE requests for various ImageMagick issues cve-assign (Dec 26)