Bug 1016596 - VUL-0: imagemagick: mat file out of bound
Status: RESOLVED DUPLICATE of bug 1017326
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Petr Gajdos
Security Team bot
Reported: 2016-12-20 20:16 UTC by Mikhail Kasimov
Modified: 2017-04-15 10:42 UTC (History)
Description Mikhail Kasimov 2016-12-20 20:16:30 UTC
Ref: http://seclists.org/oss-sec/2016/q4/713

Debian bug: https://bugs.debian.org/845246
Reference URL: https://security-tracker.debian.org/845246
Upstream commit: 
  - https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
  - https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/131
Upstream version fixed: 6.9.4-0

Commits against 6 branch, unknown if fixed or relevant on 7 branch.
Comment 1 Swamp Workflow Management 2016-12-20 23:04:46 UTC
bugbot adjusting priority
Comment 2 Matthias Gerstner 2016-12-22 14:18:09 UTC
An allocation for a number of (unsigned char) is made but in the worst case a
number of (double) seems to be required for MAT images.


[affected] SLE-12:Update in coders/mat.c:874
[affected] SLE-11:Update in coders/mat.c:819
[affected] openSUSE:13.2:Update in coders/mat.c:879


[affected] SLE-11:Update in coders/mat.c:687
[affected] openSUSE:42.2:Update in coders/mat.c:556,994
[affected] openSUSE:42.1:Update in coders/mat.c:716
[affected] openSUSE:13.2:Update in coders/mat.c:710
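
The sizing mismatch described in comment 2, shown as an added example that is not ImageMagick's code and not part of this bug report: a row buffer sized in `unsigned char` units next to one sized by the actual sample width with an overflow check. The type and function names (`sample_type`, `row_bytes_undersized`, `row_bytes_checked`) and the 640-column width are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical sample types for one image row; names are illustrative. */
typedef enum { SAMPLE_U8, SAMPLE_U16, SAMPLE_F32, SAMPLE_F64 } sample_type;

/* Bytes occupied by one sample of the given type; 0 for an unknown type. */
static size_t sample_size(sample_type t)
{
    switch (t) {
    case SAMPLE_U8:  return sizeof(unsigned char);
    case SAMPLE_U16: return sizeof(uint16_t);
    case SAMPLE_F32: return sizeof(float);
    case SAMPLE_F64: return sizeof(double);
    }
    return 0;
}

/* Pattern from comment 2: the row is sized as if every sample were one byte. */
static size_t row_bytes_undersized(size_t columns)
{
    return columns * sizeof(unsigned char);
}

/* Sized by the real sample width; returns 0 (refuse) on overflow or bad input. */
static size_t row_bytes_checked(size_t columns, sample_type t)
{
    size_t width = sample_size(t);
    if (width == 0 || columns == 0 || columns > SIZE_MAX / width)
        return 0;
    return columns * width;
}

int main(void)
{
    size_t columns = 640; /* constructed sample width */
    size_t n = row_bytes_checked(columns, SAMPLE_F64);
    double *row = n ? calloc(1, n) : NULL;
    printf("undersized=%zu checked=%zu\n", row_bytes_undersized(columns), n);
    free(row);
    return n ? 0 : 1;
}
```

For double-precision rows the undersized figure is `sizeof(double)` times too small, which is the gap a decoder writing full-width samples would run past.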
Comment 3 Johannes Segitz 2016-12-28 13:21:13 UTC
all ImageMagick issues from one oss posting were opened twice

*** This bug has been marked as a duplicate of bug 1017326 ***