|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2019-13299: ImageMagick: heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexander Bergmann <abergmann> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P4 - Low | CC: | smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/236479/ | ||
| Whiteboard: | CVSSv3:SUSE:CVE-2019-13299:5.1:(AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) CVSSv2:NVD:CVE-2019-13299:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv3:NVD:CVE-2019-13299:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2019-13299:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Alexander Bergmann
2019-07-08 09:41:44 UTC
BEFORE
15/ImageMagick
$ valgrind -q convert -seed 0 "(" magick:netscape -monochrome ")" "(" magick:netscape +repage ")" -geometry 433%-80-57 -adjoin -evaluate-sequence Median temp
==7464== Invalid read of size 4
==7464== at 0x4FCC19A: EvaluateImages (statistic.c:592)
==7464== by 0x5395980: MogrifyImageList (mogrify.c:8491)
==7464== by 0x5396EE8: MogrifyImages (mogrify.c:8920)
==7464== by 0x5329004: ConvertImageCommand (convert.c:3267)
==7464== by 0x538DB54: MagickCommandGenesis (mogrify.c:183)
==7464== by 0x10937F: MagickMain (magick.c:149)
==7464== by 0x584CF49: (below main) (in /lib64/libc-2.26.so)
==7464== Address 0x91d7c00 is 0 bytes after a block of size 248,832 alloc'd
==7464== at 0x4C30386: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7464== by 0x4C304A1: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7464== by 0x4F4F424: AcquireAlignedMemory (memory.c:266)
==7464== by 0x4E9591D: OpenPixelCache (cache.c:3744)
==7464== by 0x4E75BFD: GetImagePixelCache (cache.c:1761)
==7464== by 0x4E97E3A: SyncImagePixelCache (cache.c:5505)
==7464== by 0x4F85D12: AssignImageColors (quantize.c:512)
==7464== by 0x4F87CA2: QuantizeImage (quantize.c:2714)
==7464== by 0x4E88671: SetImageType (attribute.c:1260)
==7464== by 0x5393D25: MogrifyImage (mogrify.c:2207)
==7464== by 0x5396EA0: MogrifyImages (mogrify.c:8901)
==7464== by 0x53278B6: ConvertImageCommand (convert.c:620)
==7464==
$
12/ImageMagick
$ valgrind -q convert -seed 0 "(" magick:netscape -monochrome ")" "(" magick:netscape +repage ")" -geometry 433%-80-57 -adjoin -evaluate-sequence Median temp
$
[no issues observed]
11/ImageMagick
$ convert -seed 0 "(" magick:netscape -monochrome ")" "(" magick:netscape +repage ")" -geometry 433%-80-57 -adjoin -evaluate-sequence Median temp
convert: unrecognized option `-evaluate-sequence'.
$
[testcase not applicable]
PATCH
https://github.com/ImageMagick/ImageMagick/commit/8187d2d8fd010d2d6b1a3a8edd935beec404dddc
https://github.com/ImageMagick/ImageMagick/commit/933bf025119f0de25ee589b706c09c8bb46d5a48
https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
d4fc44b fixes unrelated issue #1611, but by the way it reverts 8187d2d. So considering 933bf02 be a proper fix for this CVE.
IM7-only
AFTER
15/ImageMagick
$ valgrind -q convert -seed 0 "(" magick:netscape -monochrome ")" "(" magick:netscape +repage ")" -geometry 433%-80-57 -adjoin -evaluate-sequence Median temp
$
Will submit for: 15/ImageMagick Packages submitted. I believe all fixed. SUSE-SU-2019:2106-1: An update that fixes 30 vulnerabilities is now available. Category: security (moderate) Bug References: 1139884,1139885,1139886,1140100,1140102,1140103,1140104,1140105,1140106,1140110,1140111,1140501,1140513,1140520,1140534,1140538,1140543,1140545,1140547,1140549,1140552,1140554,1140664,1140665,1140666,1140667,1140668,1140669,1140673,1141171 CVE References: CVE-2019-12974,CVE-2019-12975,CVE-2019-12976,CVE-2019-12977,CVE-2019-12978,CVE-2019-12979,CVE-2019-13133,CVE-2019-13134,CVE-2019-13135,CVE-2019-13136,CVE-2019-13137,CVE-2019-13295,CVE-2019-13296,CVE-2019-13297,CVE-2019-13298,CVE-2019-13299,CVE-2019-13300,CVE-2019-13301,CVE-2019-13302,CVE-2019-13303,CVE-2019-13304,CVE-2019-13305,CVE-2019-13306,CVE-2019-13307,CVE-2019-13308,CVE-2019-13309,CVE-2019-13310,CVE-2019-13311,CVE-2019-13391,CVE-2019-13454 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): ImageMagick-7.0.7.34-3.67.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): ImageMagick-7.0.7.34-3.67.1 SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): ImageMagick-7.0.7.34-3.67.1 SUSE Linux Enterprise Module for Development Tools 15 (src): ImageMagick-7.0.7.34-3.67.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): ImageMagick-7.0.7.34-3.67.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): ImageMagick-7.0.7.34-3.67.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2019:1983-1: An update that fixes 30 vulnerabilities is now available. Category: security (moderate) Bug References: 1139884,1139885,1139886,1140100,1140102,1140103,1140104,1140105,1140106,1140110,1140111,1140501,1140513,1140520,1140534,1140538,1140543,1140545,1140547,1140549,1140552,1140554,1140664,1140665,1140666,1140667,1140668,1140669,1140673,1141171 CVE References: CVE-2019-12974,CVE-2019-12975,CVE-2019-12976,CVE-2019-12977,CVE-2019-12978,CVE-2019-12979,CVE-2019-13133,CVE-2019-13134,CVE-2019-13135,CVE-2019-13136,CVE-2019-13137,CVE-2019-13295,CVE-2019-13296,CVE-2019-13297,CVE-2019-13298,CVE-2019-13299,CVE-2019-13300,CVE-2019-13301,CVE-2019-13302,CVE-2019-13303,CVE-2019-13304,CVE-2019-13305,CVE-2019-13306,CVE-2019-13307,CVE-2019-13308,CVE-2019-13309,CVE-2019-13310,CVE-2019-13311,CVE-2019-13391,CVE-2019-13454 Sources used: openSUSE Leap 15.1 (src): ImageMagick-7.0.7.34-lp151.7.9.1 openSUSE Leap 15.0 (src): ImageMagick-7.0.7.34-lp150.2.38.1 released |