Bug 1133204 (CVE-2019-11472)

Summary: VUL-1: CVE-2019-11472: ImageMagick,GraphicsMagick: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/230158/
Whiteboard: CVSSv2:NVD:CVE-2019-11472:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2019-11472:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2019-11472:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv3:SUSE:CVE-2019-11472:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: fpe_xwd.c:490_1.xwd
fpe_xwd.c:520_1.xwd

Description Marcus Meissner 2019-04-24 06:23:16 UTC
CVE-2019-11472

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick
7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero
error) by crafting an XWD image file in which the header indicates neither LSB
first nor MSB first.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11472
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11472.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11472
https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
https://github.com/ImageMagick/ImageMagick/issues/1546
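
The condition in the description, expressed as a pre-parse header check. This is an added example, not code from ImageMagick, GraphicsMagick or this bug report. It assumes the XWDFileHeader layout from X11's XWDFile.h (25 big-endian 32-bit fields); the function names, return codes and the extra unit, pad and bits-per-pixel checks are illustrative and go beyond the byte-order case.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed from the X11 headers: LSBFirst=0, MSBFirst=1, XWD_FILE_VERSION=7,
   XWDFileHeader = 25 big-endian 32-bit fields (100 bytes). */
#define XWD_HDR_BYTES 100u
enum { F_HEADER_SIZE = 0, F_FILE_VERSION = 1, F_BYTE_ORDER = 7, F_BITMAP_UNIT = 8,
       F_BITMAP_BIT_ORDER = 9, F_BITMAP_PAD = 10, F_BITS_PER_PIXEL = 11 };

/* Read header word idx (stored big-endian on disk). */
static uint32_t field(const unsigned char *b, int idx)
{
    const unsigned char *p = b + 4 * idx;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static int is_order(uint32_t v) { return v == 0 || v == 1; }  /* LSBFirst or MSBFirst */
static int is_unit(uint32_t v)  { return v == 8 || v == 16 || v == 32; } /* X11 protocol values */

/* Hypothetical helper: 0 if the header is acceptable, negative reason otherwise. */
int xwd_header_check(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < XWD_HDR_BYTES)         return -1; /* truncated */
    if (field(buf, F_FILE_VERSION) != 7)            return -2;
    if (field(buf, F_HEADER_SIZE) < XWD_HDR_BYTES)  return -3;
    if (!is_order(field(buf, F_BYTE_ORDER)))        return -4; /* neither LSB nor MSB first */
    if (!is_order(field(buf, F_BITMAP_BIT_ORDER)))  return -5; /* same test for bit order */
    if (!is_unit(field(buf, F_BITMAP_UNIT)))        return -6;
    if (!is_unit(field(buf, F_BITMAP_PAD)))         return -7;
    uint32_t bpp = field(buf, F_BITS_PER_PIXEL);
    if (bpp == 0 || bpp > 32)                       return -8;
    return 0;
}

/* Constructed sample header (not one of the attachments on this bug). */
void xwd_sample_header(unsigned char out[100], uint32_t byte_order, uint32_t bit_order)
{
    uint32_t w[25] = {0};
    w[F_HEADER_SIZE] = 100; w[F_FILE_VERSION] = 7;
    w[F_BYTE_ORDER] = byte_order; w[F_BITMAP_BIT_ORDER] = bit_order;
    w[F_BITMAP_UNIT] = 32; w[F_BITMAP_PAD] = 32; w[F_BITS_PER_PIXEL] = 24;
    for (int i = 0; i < 25; i++) {
        out[4 * i]     = (unsigned char)(w[i] >> 24);
        out[4 * i + 1] = (unsigned char)(w[i] >> 16);
        out[4 * i + 2] = (unsigned char)(w[i] >> 8);
        out[4 * i + 3] = (unsigned char)w[i];
    }
}
```
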
Comment 1 Marcus Meissner 2019-04-24 06:24:40 UTC
Created attachment 803461
fpe_xwd.c:490_1.xwd

QA REPRODUCER:

identify -verbose fpe_xwd.c\:490_1.xwd 


should not crash
Comment 2 Marcus Meissner 2019-04-24 06:25:30 UTC
Created attachment 803462
fpe_xwd.c:520_1.xwd

QA REPRODUCER:

identify -verbose fpe_xwd.c\:520_1.xwd

should not crash
Comment 3 Marcus Meissner 2019-04-24 06:25:42 UTC
affects both IM and GM
Comment 4 Petr Gajdos 2019-04-30 10:47:19 UTC
Let this be a common comment for this bug, bug 1133202 and bug 1133203. What I think happened: Hongxu Chen reported bugs to github/ImageMagick as

https://github.com/ImageMagick/ImageMagick/issues/1546
https://github.com/ImageMagick/ImageMagick/issues/1553 (this has no CVE yet)

and was such an excellent reporter that they also tried with GraphicsMagick and reported to them.

BEFORE

15,12/ImageMagick

$ identify -verbose fpe_xwd.c_490_1.xwd 
Aborted (core dumped)
$ identify -verbose fpe_xwd.c_520_1.xwd 
Aborted (core dumped)
$ valgrind  -q identify -verbose read_xwd.c_573_1.xwd
==9071== Invalid read of size 1
==9071==    at 0x6EEB5AA: ??? (in /usr/lib64/libX11.so.6.3.0)
==9071==    by 0x91FB232: ReadXWDImage (xwd.c:520)
==9071==    by 0x4EB6BD9: ReadImage (constitute.c:558)
==9071==    by 0x4EB7B4E: ReadImages (constitute.c:870)
==9071==    by 0x535FD0C: IdentifyImageCommand (identify.c:321)
==9071==    by 0x538DB54: MagickCommandGenesis (mogrify.c:183)
==9071==    by 0x10937F: MagickMain (magick.c:149)
==9071==    by 0x584CF49: (below main) (in /lib64/libc-2.26.so)
==9071==  Address 0xeea5a36 is not stack'd, malloc'd or (recently) free'd
==9071== 
/root/bin/vgq: line 18:  9071 Aborted                 (core dumped) valgrind -q $@
$ valgrind  -q identify -verbose read_xwd.c_573_2.xwd
==9081== Invalid read of size 1
==9081==    at 0x6EEB5AA: ??? (in /usr/lib64/libX11.so.6.3.0)
==9081==    by 0x91FB232: ReadXWDImage (xwd.c:520)
==9081==    by 0x4EB6BD9: ReadImage (constitute.c:558)
==9081==    by 0x4EB7B4E: ReadImages (constitute.c:870)
==9081==    by 0x535FD0C: IdentifyImageCommand (identify.c:321)
==9081==    by 0x538DB54: MagickCommandGenesis (mogrify.c:183)
==9081==    by 0x10937F: MagickMain (magick.c:149)
==9081==    by 0x584CF49: (below main) (in /lib64/libc-2.26.so)
==9081==  Address 0x9a55430 is not stack'd, malloc'd or (recently) free'd
==9081== 
/root/bin/vgq: line 18:  9081 Aborted                 (core dumped) valgrind -q $@
$

15.0,42.3/GraphicsMagick

$ gm identify -verbose fpe_xwd.c_490_1.xwd 
gm identify: abort due to signal 8 (SIGFPE) "Arithmetic Exception"...
Aborted (core dumped)
$ gm identify -verbose fpe_xwd.c_520_1.xwd 
gm identify: abort due to signal 8 (SIGFPE) "Arithmetic Exception"...
Aborted (core dumped)
$ gm identify -verbose read_xwd.c_573_1.xwd 
gm identify: abort due to signal 11 (SIGSEGV) "Segmentation Fault"...
Aborted (core dumped)
$ gm identify -verbose read_xwd.c_573_2.xwd 
gm identify: Improper image header (read_xwd.c_573_2.xwd).
gm identify: Request did not return an image.
$

PATCH

will update xwd.c to newest version

AFTER

15,12/ImageMagick

$ identify -verbose fpe_xwd.c_490_1.xwd 
identify: improper image header `fpe_xwd.c_490_1.xwd' @ error/xwd.c/ReadXWDImage/242.
$ identify -verbose fpe_xwd.c_520_1.xwd 
identify: improper image header `fpe_xwd.c_520_1.xwd' @ error/xwd.c/ReadXWDImage/242.
$ valgrind  -q identify -verbose read_xwd.c_573_1.xwd
identify: improper image header `read_xwd.c_573_1.xwd' @ error/xwd.c/ReadXWDImage/242.
$ valgrind  -q identify -verbose read_xwd.c_573_2.xwd
identify: improper image header `read_xwd.c_573_2.xwd' @ error/xwd.c/ReadXWDImage/242.
$

42.3,15.0/GraphicsMagick

$ gm identify -verbose fpe_xwd.c_490_1.xwd 
gm identify: Improper image header (fpe_xwd.c_490_1.xwd).
gm identify: Request did not return an image.
$ gm identify -verbose fpe_xwd.c_520_1.xwd 
gm identify: Improper image header (fpe_xwd.c_520_1.xwd).
gm identify: Request did not return an image.
$ gm identify -verbose read_xwd.c_573_1.xwd 
gm identify: Improper image header (read_xwd.c_573_1.xwd).
gm identify: Request did not return an image.
$ gm identify -verbose read_xwd.c_573_2.xwd 
gm identify: Improper image header (read_xwd.c_573_2.xwd).
gm identify: Request did not return an image.
$
Comment 5 Petr Gajdos 2019-04-30 10:48:13 UTC
Will submit for: 15/ImageMagick and 12/ImageMagick.
Comment 8 Petr Gajdos 2019-05-02 09:20:29 UTC
I believe all fixed.
Comment 10 Swamp Workflow Management 2019-05-10 19:18:51 UTC
SUSE-SU-2019:14043-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1130330,1131317,1132053,1132060,1133204,1133205,1133498,1133501
CVE References: CVE-2019-10650,CVE-2019-11007,CVE-2019-11009,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-9956
Sources used:
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-06-17 19:16:12 UTC
SUSE-SU-2019:1523-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1136183,1136732
CVE References: CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11598
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.61.3
Comment 18 Swamp Workflow Management 2019-06-24 13:27:28 UTC
openSUSE-SU-2019:1603-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1136183,1136732
CVE References: CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11598
Sources used:
openSUSE Leap 15.1 (src):    ImageMagick-7.0.7.34-lp151.7.3.1
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.32.1
Comment 19 Swamp Workflow Management 2019-06-25 19:12:02 UTC
SUSE-SU-2019:1712-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
Comment 20 Swamp Workflow Management 2019-07-01 16:14:09 UTC
openSUSE-SU-2019:1683-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-85.1
Comment 21 Marcus Meissner 2019-07-10 05:34:59 UTC
released