Bug 1050100 (CVE-2017-11526)

Summary: VUL-1: CVE-2017-11526: ImageMagick: ReadOneMNGImage in coders/png.c allows remote attackers to cause DoS
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 42.2   
URL: https://smash.suse.de/issue/189004/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2017-07-24 09:37:56 UTC 
CVE-2017-11526

The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and
7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large
loop and CPU consumption) via a crafted file.

Factory only.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11526
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11526
https://github.com/ImageMagick/ImageMagick/issues/527
Comment 2 Petr Gajdos 2018-01-15 06:37:00 UTC 
12/ImageMagick

BEFORE

$ identify cpu-mng 
identify: corrupt image `cpu-mng' @ error/png.c/ReadOneMNGImage/5107.
$
[takes few seconds]

AFTER

$ identify cpu-mng
identify: insufficient image data in file `cpu-mng' @ error/png.c/ReadOneMNGImage/5229.
$
[returns immediatelly]
Comment 6 Petr Gajdos 2018-01-16 07:34:19 UTC 
11/ImageMagick

BEFORE

$ identify cpu-mng 
identify: Corrupt image `cpu-mng'.
$
[takes few seconds]

AFTER

$ identify cpu-mng
identify: Insufficient image data in file `cpu-mng'.
$
[returns immediatelly]
Comment 7 Petr Gajdos 2018-01-16 11:17:22 UTC 
42.x/GraphicsMagick

BEFORE

$ gm identify cpu-mng
gm identify: Corrupt image (cpu-mng).
gm identify: Request did not return an image.
$
[exits immediately]

AFTER

$ gm identify cpu-mng
gm identify: Corrupt image (cpu-mng).
gm identify: Request did not return an image.
$
[exits immediately]

Considered not affected.
Comment 10 Petr Gajdos 2018-01-19 15:39:01 UTC 
42.x/GraphicsMagick

BEFORE

$ gm identify cpu-mng
[hangs or runs long]

AFTER

$ gm identify cpu-mng
gm identify: Corrupt image (cpu-mng).
$
[exits immediately]

Considered affected.
Comment 11 Petr Gajdos 2018-01-19 15:39:59 UTC 
(In reply to Petr Gajdos from comment #10)

That should have been

11/GraphicsMagick
 
BEFORE

$ gm identify cpu-mng
[hangs or runs long]

AFTER

$ gm identify cpu-mng
gm identify: Corrupt image (cpu-mng).
$
[exits immediately]

Considered affected.
Comment 12 Petr Gajdos 2018-01-22 11:43:10 UTC 
Submitted for: 12/ImageMagick, 11/ImageMagick and 11/GraphicsMagick
Comment 14 Petr Gajdos 2018-01-22 12:24:47 UTC 
I believe all fixed.
Comment 17 Swamp Workflow Management 2018-02-02 14:09:31 UTC 
SUSE-SU-2018:0349-1: An update that fixes 34 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043353,1043354,1047908,1050037,1050072,1050098,1050100,1050635,1051442,1052470,1052708,1052717,1052721,1052768,1052777,1052781,1054600,1055068,1055374,1055455,1055456,1057000,1060162,1062752,1072362,1072901,1074120,1074125,1074185,1074309,1075939,1076021,1076051
CVE References: CVE-2017-10995,CVE-2017-11505,CVE-2017-11525,CVE-2017-11526,CVE-2017-11539,CVE-2017-11639,CVE-2017-11750,CVE-2017-12565,CVE-2017-12640,CVE-2017-12641,CVE-2017-12643,CVE-2017-12671,CVE-2017-12673,CVE-2017-12676,CVE-2017-12935,CVE-2017-13059,CVE-2017-13141,CVE-2017-13142,CVE-2017-13147,CVE-2017-14103,CVE-2017-14649,CVE-2017-15218,CVE-2017-17504,CVE-2017-17681,CVE-2017-17879,CVE-2017-17884,CVE-2017-17914,CVE-2017-18008,CVE-2017-18027,CVE-2017-18029,CVE-2017-9261,CVE-2017-9262,CVE-2018-5246,CVE-2018-5685
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.33.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-71.33.1
Comment 18 Swamp Workflow Management 2018-02-02 14:15:14 UTC 
SUSE-SU-2018:0350-1: An update that solves 30 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1043353,1043354,1047908,1050037,1050072,1050098,1050100,1050635,1051442,1052470,1052708,1052717,1052721,1052768,1052777,1052781,1054600,1055374,1055455,1055456,1057000,1060162,1062752,1072362,1074120,1074125,1074185,1074309,1075939,1076021,1076051
CVE References: CVE-2017-10995,CVE-2017-11505,CVE-2017-11525,CVE-2017-11526,CVE-2017-11539,CVE-2017-11639,CVE-2017-11750,CVE-2017-12565,CVE-2017-12640,CVE-2017-12641,CVE-2017-12643,CVE-2017-12671,CVE-2017-12673,CVE-2017-12676,CVE-2017-12935,CVE-2017-13141,CVE-2017-13142,CVE-2017-13147,CVE-2017-14103,CVE-2017-14649,CVE-2017-15218,CVE-2017-17504,CVE-2017-17879,CVE-2017-17884,CVE-2017-17914,CVE-2017-18027,CVE-2017-18029,CVE-2017-9261,CVE-2017-9262,CVE-2018-5685
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.29.2
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.29.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.29.2
Comment 19 Swamp Workflow Management 2018-02-08 11:13:21 UTC 
openSUSE-SU-2018:0396-1: An update that fixes 34 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043353,1043354,1047908,1050037,1050072,1050098,1050100,1050635,1051442,1052470,1052708,1052717,1052721,1052768,1052777,1052781,1054600,1055068,1055374,1055455,1055456,1057000,1060162,1062752,1072362,1072901,1074120,1074125,1074185,1074309,1075939,1076021,1076051
CVE References: CVE-2017-10995,CVE-2017-11505,CVE-2017-11525,CVE-2017-11526,CVE-2017-11539,CVE-2017-11639,CVE-2017-11750,CVE-2017-12565,CVE-2017-12640,CVE-2017-12641,CVE-2017-12643,CVE-2017-12671,CVE-2017-12673,CVE-2017-12676,CVE-2017-12935,CVE-2017-13059,CVE-2017-13141,CVE-2017-13142,CVE-2017-13147,CVE-2017-14103,CVE-2017-14649,CVE-2017-15218,CVE-2017-17504,CVE-2017-17681,CVE-2017-17879,CVE-2017-17884,CVE-2017-17914,CVE-2017-18008,CVE-2017-18027,CVE-2017-18029,CVE-2017-9261,CVE-2017-9262,CVE-2018-5246,CVE-2018-5685
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-52.1
Comment 20 Swamp Workflow Management 2018-02-09 20:09:41 UTC 
SUSE-SU-2018:0413-1: An update that fixes 34 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043353,1043354,1047908,1047910,1050037,1050072,1050100,1051442,1052470,1052708,1052717,1052768,1052777,1052781,1054600,1055038,1055374,1055455,1055456,1057000,1060162,1062752,1067198,1073690,1074023,1074120,1074125,1074175,1075939
CVE References: CVE-2014-9811,CVE-2017-10995,CVE-2017-11102,CVE-2017-11505,CVE-2017-11526,CVE-2017-11539,CVE-2017-11750,CVE-2017-12565,CVE-2017-12640,CVE-2017-12641,CVE-2017-12643,CVE-2017-12673,CVE-2017-12676,CVE-2017-12935,CVE-2017-13065,CVE-2017-13141,CVE-2017-13142,CVE-2017-13147,CVE-2017-14103,CVE-2017-14174,CVE-2017-14649,CVE-2017-15218,CVE-2017-15238,CVE-2017-16669,CVE-2017-17501,CVE-2017-17504,CVE-2017-17782,CVE-2017-17879,CVE-2017-17884,CVE-2017-17915,CVE-2017-8352,CVE-2017-9261,CVE-2017-9262,CVE-2018-5685
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.78.33.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.33.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.33.1
Comment 21 Marcus Meissner 2018-02-12 08:10:03 UTC 
released