Bug 1051416 (CVE-2017-11755)

Summary: VUL-2: CVE-2017-11755: GraphicsMagick, ImageMagick: WritePICONImage in coders/xpm.c allows to cause DoS
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Petr Gajdos <pgajdos>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: meissner, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/189319/
Whiteboard: CVSSv2:SUSE:CVE-2017-11755:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:SUSE:CVE-2017-11755:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2017-11755:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv2:NVD:CVE-2017-11755:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2017-11755:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Reproducer

Description Johannes Segitz 2017-07-31 06:56:52 UTC
Created attachment 734502 [details]
Reproducer

CVE-2017-11755

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows
remote attackers to cause a denial of service (memory leak) via a crafted file
that is mishandled in an AcquireSemaphoreInfo call.

valgrind convert Memory-Leak-21_output_picon_1501391824.23 out.picon

Might be dup of bsc#1051412 since https://github.com/ImageMagick/ImageMagick/issues/631 indicates that it's fixed by the same commit

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11755
https://github.com/ImageMagick/ImageMagick/issues/634
Comment 1 Marcus Meissner 2017-09-29 06:01:54 UTC
memleak described is sizeof(SemaphoreInfo). minor leak. deferable.
Comment 2 Petr Gajdos 2018-01-02 11:55:49 UTC
I cannot reproduce any other memory leaks than that ones listed in bug 1051412, closing as duplicate as the upstream did.

*** This bug has been marked as a duplicate of bug 1051412 ***