Bug 1055437 (CVE-2017-13144)

Summary: VUL-2: CVE-2017-13144: GraphicsMagick,ImageMagick: In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Marcus Meissner <meissner>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/190919/
Whiteboard: CVSSv2:NVD:CVE-2017-13144:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:RedHat:CVE-2017-13144:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv2:SUSE:CVE-2017-13144:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:SUSE:CVE-2017-13144:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: pic.jpg

Description Marcus Meissner 2017-08-24 07:31:49 UTC
CVE-2017-13144

In ImageMagick before 6.9.7-10, there is a crash (rather than a "width
or height exceeds limit" error report) if the image dimensions are too
large, as demonstrated by use of the mpc coder.

https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438

Comment 1 Marcus Meissner 2017-08-24 07:33:16 UTC
Created attachment 738137
pic.jpg

QA REPRODUCER:

ImageMagick:
identify pic.jpg

GraphicsMagick:
gm identify pic.jpg

should show (GOOD):
pic.jpg JPEG 624x28281+0+0 PseudoClass 256c 8-bit 101.4Ki 0.000u 0m:0.000006s

BAD would be an error message.

Comment 2 Marcus Meissner 2017-08-24 07:33:44 UTC
I tried sle11 ImageMagick and GraphicsMagick, sle12 ImageMagick and also factory.

None triggered the error message.

Comment 3 Petr Gajdos 2018-01-05 00:34:50 UTC
The error message is GOOD as long as the size of the image or size of memory to be used is limited via policy.xml.

Marcus, please read the upstream issue referenced in comment 0 and tell me what is actually the security issue.

What I see from there is just an error message missing.
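
Comment 3 makes the expected result depend on limits set in policy.xml. The following is an added example, not code from this bug report, ImageMagick or SUSE: it reads the resource limits from a policy file and reports whether the 624x28281 geometry shown in comment 1 would exceed them. The sample policy, the function names and the simplified suffix parsing (decimal K/M/G/T, binary when followed by "i") are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample policy, not taken from the bug report or any package.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="width" value="16KP"/>
  <policy domain="resource" name="height" value="16KP"/>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MPC"/>
</policymap>"""

# Exponent per SI prefix; a trailing "i" (KiB, MiB) selects powers of 1024.
_PREFIX = {"": 0, "K": 1, "M": 2, "G": 3, "T": 4}


def parse_limit(value):
    """Convert a limit such as '16KP' or '256MiB' to an integer."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KMGT]?)(i?)[BP]?\s*", value, re.I)
    if m is None:
        raise ValueError(f"unrecognised limit value: {value!r}")
    number, prefix, binary = m.groups()
    base = 1024 if binary else 1000
    return int(float(number) * base ** _PREFIX[prefix.upper()])


def resource_limits(policy_xml):
    """Return {name: limit} for every domain="resource" policy entry."""
    root = ET.fromstring(policy_xml)
    return {p.get("name"): parse_limit(p.get("value"))
            for p in root.iter("policy")
            if p.get("domain") == "resource" and p.get("value")}


def audit(policy_xml, width, height):
    """Report dimension limits that are unset, and those the image exceeds."""
    limits = resource_limits(policy_xml)
    dims = (("width", width), ("height", height))
    return {
        # No limit configured: nothing in the policy can reject the image.
        "missing": [n for n, _ in dims if n not in limits],
        # Limit configured and exceeded: an error report is the expected result.
        "exceeded": [n for n, v in dims if n in limits and v > limits[n]],
    }


if __name__ == "__main__":
    # 624x28281 is the geometry identify reports for pic.jpg in comment 1.
    print(audit(SAMPLE_POLICY, 624, 28281))
```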