First Last Prev Next    This bug is not in your last search results.
Bug 1000699 - (CVE-2016-7523) VUL-0: CVE-2016-7523: ImageMagick: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496
(CVE-2016-7523)
VUL-0: CVE-2016-7523: ImageMagick: AddressSanitizer:heap-buffer-overflow READ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:RedHat:CVE-2016-7523:4.3:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-09-23 10:56 UTC by Johannes Segitz
Modified: 2016-12-22 12:20 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2016-09-23 22:02:20 UTC 
bugbot adjusting priority
Comment 2 Petr Gajdos 2016-10-06 11:33:23 UTC 
For the testcase in the Ubuntu bug:
* ImageMagick crashes.
* GraphicsMagick does not crash, does not show valgrind errors.
Comment 3 Petr Gajdos 2016-10-06 11:35:59 UTC 
There is no commit assigned to this issue, as far as I can see.
Comment 4 Petr Gajdos 2016-10-06 11:36:39 UTC 
gdb backtrace shows (13.2/ImageMagick)

#0  parse8BIM (ofile=0x623d30, ifile=0x61dd70) at coders/meta.c:486
#1  ReadMETAImage (image_info=0x60e190, exception=0x6053f0) at coders/meta.c:1161
#2  0x00007ffff79b6fb8 in ReadImage (image_info=image_info@entry=0x6097e0, exception=exception@entry=0x6053f0) at magick/constitute.c:547
#3  0x00007ffff79b808b in ReadImages (image_info=image_info@entry=0x6097e0, exception=exception@entry=0x6053f0) at magick/constitute.c:853
#4  0x00007ffff764ffa1 in ConvertImageCommand (image_info=0x6097e0, argc=3, argv=0x6042b0, metadata=0x0, exception=0x6053f0) at wand/convert.c:619
#5  0x00007ffff76bc773 in MagickCommandGenesis (image_info=image_info@entry=0x605630, command=0x4008b0 <ConvertImageCommand@plt>, argc=argc@entry=3, argv=argv@entry=0x7fffffffe858, 
    metadata=metadata@entry=0x0, exception=exception@entry=0x6053f0) at wand/mogrify.c:168
#6  0x0000000000400927 in ConvertMain (argv=0x7fffffffe858, argc=3) at utilities/convert.c:81
#7  main (argc=3, argv=0x7fffffffe858) at utilities/convert.c:92
Comment 5 Petr Gajdos 2016-10-06 12:22:37 UTC 
https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6

fixes the crash. For the GraphicsMagick, len is unsigned, so the patch is not needed. Just ImageMagick is affected.
Comment 6 Petr Gajdos 2016-10-13 13:40:14 UTC 
I believe all fixed.
Comment 8 Swamp Workflow Management 2016-10-28 16:09:47 UTC 
SUSE-SU-2016:2667-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000702,1000703,1000704,1000706,1000707,1000708,1000709,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Server 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
Comment 9 Swamp Workflow Management 2016-10-28 19:08:51 UTC 
openSUSE-SU-2016:2671-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000703,1000704,1000706,1000707,1000708,1000709,1000710,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7536,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE 13.2 (src):    ImageMagick-6.8.9.8-34.1
Comment 10 Swamp Workflow Management 2016-11-10 16:16:05 UTC 
openSUSE-SU-2016:2770-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000702,1000703,1000704,1000706,1000707,1000708,1000709,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE Leap 42.1 (src):    ImageMagick-6.8.8.1-21.1
Comment 11 Swamp Workflow Management 2016-12-01 17:10:01 UTC 
SUSE-SU-2016:2964-1: An update that fixes 34 vulnerabilities is now available.

Category: security (important)
Bug References: 1000399,1000434,1000436,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000698,1000699,1000700,1000701,1000703,1000704,1000707,1000709,1000711,1000713,1000714,1001066,1001221,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1007245
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-5687,CVE-2016-6823,CVE-2016-7101,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7533,CVE-2016-7535,CVE-2016-7537,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684,CVE-2016-8862
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
Comment 12 Marcus Meissner 2016-12-22 12:20:13 UTC 
released
First Last Prev Next    This bug is not in your last search results.