Bug 1106858 (CVE-2018-16329)

Summary: VUL-1: CVE-2018-16329: ImageMagick: NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/213619/
Whiteboard: CVSSv3:SUSE:CVE-2018-16329:4.0:(AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2018-09-03 06:05:35 UTC 
CVE-2018-16329

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the
GetMagickProperty function in MagickCore/property.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16329
http://www.cvedetails.com/cve/CVE-2018-16329/
https://github.com/ImageMagick/ImageMagick/issues/1225
Comment 1 Petr Gajdos 2018-09-03 08:34:49 UTC 
TW: already fixed by version update
Comment 2 Petr Gajdos 2018-09-03 11:21:08 UTC 
No testcase found.
Comment 3 Petr Gajdos 2018-09-03 14:29:37 UTC 
From the quick look, this is one of examples of 'security bugs' which, in my opinion, should be resolved WONTFIX in fact. If I understand correctly, the issue would happen only if the library would be used wrongly (NULL pointer as an argument). ImageMagick seem to concede one of its argument in question (image, image_info) to be NULL, tries to resolve the wrong usage, hence the confusion. The same way one could conclude that the assert() there could mean a DOS, as long as the library can be called with both arguments set to NULL.

Anyway, I will try to 'fix' it for 15,12/ImageMagick where there is certain chance that it will work with one of arguments NULL. I consider 11/ImageMagick and */GraphicsMagick not affected: magick/property.c/GetMagickProperty() and magick/attribute.c/GetImageInfoAttribute() respectively just assume that no from image, image_info arguments are not NULL.
Comment 4 Petr Gajdos 2018-09-03 14:29:55 UTC 
Will submit for 12/ImageMagick and 15/ImageMagick.
Comment 5 Petr Gajdos 2018-09-03 14:38:03 UTC 
I believe all fixed.
Comment 11 Swamp Workflow Management 2018-09-21 10:14:01 UTC 
SUSE-SU-2018:2778-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1102003,1102004,1102005,1102007,1105592,1106855,1106858
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323,CVE-2018-16329
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
Comment 12 Swamp Workflow Management 2018-09-24 10:09:35 UTC 
openSUSE-SU-2018:2811-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1102003,1102004,1102005,1102007,1105592,1106855,1106858
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323,CVE-2018-16329
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-67.1
Comment 13 Swamp Workflow Management 2018-10-02 19:14:23 UTC 
SUSE-SU-2018:2977-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.24.1
Comment 14 Marcus Meissner 2018-10-05 07:06:23 UTC 
released
Comment 15 Swamp Workflow Management 2018-10-05 10:09:54 UTC 
openSUSE-SU-2018:3014-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.15.1
Comment 16 OBSbugzilla Bot 2021-10-04 16:41:15 UTC 
This is an autogenerated message for OBS integration:
This bug (1106858) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick
Comment 17 OBSbugzilla Bot 2021-10-05 10:41:11 UTC 
This is an autogenerated message for OBS integration:
This bug (1106858) was mentioned in
https://build.opensuse.org/request/show/923178 Factory / ImageMagick