Bug 1153868 (CVE-2019-17547)

Summary: VUL-0: CVE-2019-17547: ImageMagick: use-after-free in TraceBezier in MagickCore/draw.c
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: abergmann, rfrohl, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/244838/
Whiteboard: CVSSv3:SUSE:CVE-2019-17547:5.9:(AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) maint:planned:update
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 1 Petr Gajdos 2019-10-15 14:36:16 UTC
In older code streams, the code is different:

patched code:

  control_points=quantum*number_coordinates;
  if (CheckPrimitiveExtent(mvg_info,control_points+1) == MagickFalse)
    {
      points=(PointInfo *) RelinquishMagickMemory(points);
      coefficients=(double *) RelinquishMagickMemory(coefficients);
      return(MagickFalse);
    }
+ primitive_info=(*mvg_info->primitive_info)+mvg_info->offset;
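Review bot: the added primitive_info=(*mvg_info->primitive_info)+mvg_info->offset; line after the failure branch has no comment saying why the pointer is re-derived from mvg_info once CheckPrimitiveExtent has succeeded. Read on its own the assignment looks redundant, so a one-line comment stating that the value held before the extent check must not be reused afterwards would keep it from being removed in a later cleanup. It is also worth confirming that no other local in this function still holds an address computed from the primitive array before the check.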

15/ImageMagick

  if (CheckPrimitiveExtent(mvg_info,control_points+1) != MagickFalse)
    primitive_info=(*mvg_info->primitive_info)+mvg_info->offset;

Considering older code streams unaffected by this CVE. In case of any doubts, feel free to reopen with an explanation and a reproducer.
Comment 3 Alexander Bergmann 2022-01-07 12:15:28 UTC
Closing as Not Affected.