Bug 1028079 - (CVE-2017-6500) VUL-1: CVE-2017-6500: GraphicsMagick: An issue was discovered in ImageMagick 6.9.7. A specially crafted sun filetriggers a heap-based buf...
VUL-1: CVE-2017-6500: GraphicsMagick: An issue was discovered in ImageMagick ...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Minor
: ---
Assigned To: Petr Gajdos
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-03-06 10:02 UTC by Marcus Meissner
Modified: 2017-06-14 19:24 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

bug1 (240 bytes, application/octet-stream)
2017-03-06 10:05 UTC, Marcus Meissner

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2017-03-06 10:05:36 UTC
Created attachment 716411 [details]


convert bug1 /dev/null

should not crash

valgrind convert bug1 /dev/null

should not show out of bounds reads

(NOTE: can not reproduce currently)
Comment 2 Marcus Meissner 2017-03-06 10:12:26 UTC
We have several patches touching this code already in ImageMagick, one of them probably has fixed it already.

similar to CVE-2016-7518 in bug 1000694.

GraphicsMagic in SLE11 seems to still have the buggy code.
Comment 3 Marcus Meissner 2017-03-06 10:12:46 UTC
QA REPRODUCER (GraphicsMagick):

gm convert bug1 /dev/null

should not show a backtrace
Comment 4 Swamp Workflow Management 2017-03-06 23:01:03 UTC
bugbot adjusting priority
Comment 7 Petr Gajdos 2017-03-21 13:15:51 UTC
I get no crash nor valgrind errors anywhere.
Comment 9 Petr Gajdos 2017-03-21 15:47:07 UTC
I bet the bug does not affect GraphicsMagick:

bytes_per_line += sun_info.width % 8 ? 1 : 0;
Comment 11 Swamp Workflow Management 2017-03-29 04:10:24 UTC
SUSE-RU-2017:0843-1: An update that has two recommended fixes can now be installed.

Category: recommended (low)
Bug References: 1027480,1028079
CVE References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-