Bugzilla – Bug 1050116
VUL-1: CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS
Last modified: 2020-06-08 14:30:44 UTC
Created attachment 733482
Reproducer

CVE-2017-11527

The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11527
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11527
https://github.com/ImageMagick/ImageMagick/issues/523
BEFORE

I can somewhat reproduce with 12/ImageMagick. 11/ImageMagick does not have policy.xml and I cannot reproduce the memory consumption with GraphicsMagick.

11,12/ImageMagick output:

  $ identify memory_exhaustion_in_ReadDPXImage
  memory_exhaustion_in_ReadDPXImage DPX 0x0 16-bit RGB 80B 2.530u 0:02.540
  050116: unexpected end-of-file `memory_exhaustion_in_ReadDPXImage': No such file or directory @ error/dpx.c/ReadDPXImage/1123.
  050116: no pixels defined in cache `memory_exhaustion_in_ReadDPXImage' @ error/cache.c/OpenPixelCache/3485.
  $

GraphicsMagick:

  $ gm identify memory_exhaustion_in_ReadDPXImage
  gm identify: Improper image header (memory_exhaustion_in_ReadDPXImage).
  gm identify: Request did not return an image.
  $
  [small memory usage]

Code is different, considering GraphicsMagick unaffected.

PATCH

https://github.com/ImageMagick/ImageMagick/commit/961eb7c6fe2f1efc0be11d950c4500cd0cd17702

AFTER

11,12/ImageMagick output:

  $ identify memory_exhaustion_in_ReadDPXImage
  050116: improper image header `memory_exhaustion_in_ReadDPXImage' @ error/dpx.c/ReadDPXImage/1109.
  $
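The BEFORE/AFTER comparison in the comment above can be replayed as a scripted regression check that keeps a memory-consumption reproducer from exhausting the build host. This is an added example, not part of the bug report or of SUSE's tooling; the matched messages are the ones quoted in the comment, while `IDENTIFY`, `MEM_KB`, `TIME_S` and the verdict labels are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the bug report): replay a reproducer under resource
# caps and classify the result using the messages quoted in the comment above.
# IDENTIFY, MEM_KB, TIME_S and the verdict labels are assumptions of this sketch.

IDENTIFY="${IDENTIFY:-identify}"   # ImageMagick binary under test
MEM_KB="${MEM_KB:-1048576}"        # address-space cap in KiB (1 GiB)
TIME_S="${TIME_S:-10}"             # wall-clock cap in seconds

# check_dpx_fix FILE
# Prints one verdict and returns: 0 after-patch, 1 before-patch,
# 2 timeout, 3 killed by a signal, 4 inconclusive.
check_dpx_fix() {
    local file=$1 out rc=0
    # The subshell keeps the ulimit away from the calling shell; stderr is
    # merged because the diagnostics of interest are written there.
    out=$( ulimit -v "$MEM_KB"; timeout "$TIME_S" "$IDENTIFY" "$file" 2>&1 ) || rc=$?

    if [ "$rc" -eq 124 ]; then
        echo "timeout"; return 2
    elif [ "$rc" -gt 128 ]; then
        echo "killed"; return 3
    fi
    case $out in
        *"improper image header"*ReadDPXImage*)
            echo "after-patch"; return 0 ;;
        *"unexpected end-of-file"*ReadDPXImage*)
            echo "before-patch"; return 1 ;;
        *)
            echo "inconclusive"; return 4 ;;
    esac
}

# Stand-alone use: ./check_dpx_fix.sh memory_exhaustion_in_ReadDPXImage
[ "$#" -eq 0 ] || check_dpx_fix "$1"
```

The match is case-sensitive and tied to the ImageMagick messages, so the GraphicsMagick output quoted above ("Improper image header") is reported as inconclusive rather than as patched.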
I believe all fixed.
SUSE-SU-2017:3378-1: An update that fixes 26 vulnerabilities is now available.

Category: security (important)
Bug References: 1048457,1049796,1050116,1050139,1050632,1051441,1051847,1052450,1052553,1052689,1052758,1052764,1054757,1055214,1056432,1057719,1057729,1057730,1058485,1058637,1059666,1059778,1060577,1066003,1067181,1067184
CVE References: CVE-2017-11188,CVE-2017-11478,CVE-2017-11527,CVE-2017-11535,CVE-2017-11640,CVE-2017-11752,CVE-2017-12140,CVE-2017-12435,CVE-2017-12587,CVE-2017-12644,CVE-2017-12662,CVE-2017-12669,CVE-2017-12983,CVE-2017-13134,CVE-2017-13769,CVE-2017-14172,CVE-2017-14173,CVE-2017-14175,CVE-2017-14341,CVE-2017-14342,CVE-2017-14531,CVE-2017-14607,CVE-2017-14733,CVE-2017-15930,CVE-2017-16545,CVE-2017-16546
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ImageMagick-6.4.3.6-7.78.14.1
SUSE Linux Enterprise Server 11-SP4 (src): ImageMagick-6.4.3.6-7.78.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-7.78.14.1
SUSE-SU-2017:3388-1: An update that solves 32 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1048457,1049796,1050083,1050116,1050139,1050632,1051441,1051847,1052450,1052553,1052689,1052744,1052758,1052764,1054757,1055214,1056432,1057157,1057719,1057729,1057730,1058485,1058637,1059666,1059778,1060176,1060577,1061254,1062750,1066003,1067181,1067184,1067409
CVE References: CVE-2017-11188,CVE-2017-11478,CVE-2017-11523,CVE-2017-11527,CVE-2017-11535,CVE-2017-11640,CVE-2017-11752,CVE-2017-12140,CVE-2017-12435,CVE-2017-12587,CVE-2017-12644,CVE-2017-12662,CVE-2017-12669,CVE-2017-12983,CVE-2017-13134,CVE-2017-13769,CVE-2017-14138,CVE-2017-14172,CVE-2017-14173,CVE-2017-14175,CVE-2017-14341,CVE-2017-14342,CVE-2017-14531,CVE-2017-14607,CVE-2017-14682,CVE-2017-14733,CVE-2017-14989,CVE-2017-15217,CVE-2017-15930,CVE-2017-16545,CVE-2017-16546,CVE-2017-16669
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Server 12-SP2 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Desktop 12-SP2 (src): ImageMagick-6.8.8.1-71.17.1
openSUSE-SU-2017:3420-1: An update that solves 32 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1048457,1049796,1050083,1050116,1050139,1050632,1051441,1051847,1052450,1052553,1052689,1052744,1052758,1052764,1054757,1055214,1056432,1057157,1057719,1057729,1057730,1058485,1058637,1059666,1059778,1060176,1060577,1061254,1062750,1066003,1067181,1067184,1067409
CVE References: CVE-2017-11188,CVE-2017-11478,CVE-2017-11523,CVE-2017-11527,CVE-2017-11535,CVE-2017-11640,CVE-2017-11752,CVE-2017-12140,CVE-2017-12435,CVE-2017-12587,CVE-2017-12644,CVE-2017-12662,CVE-2017-12669,CVE-2017-12983,CVE-2017-13134,CVE-2017-13769,CVE-2017-14138,CVE-2017-14172,CVE-2017-14173,CVE-2017-14175,CVE-2017-14341,CVE-2017-14342,CVE-2017-14531,CVE-2017-14607,CVE-2017-14682,CVE-2017-14733,CVE-2017-14989,CVE-2017-15217,CVE-2017-15930,CVE-2017-16545,CVE-2017-16546,CVE-2017-16669
Sources used:
openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-40.1
openSUSE Leap 42.2 (src): ImageMagick-6.8.8.1-30.12.1
released
Will submit again for 12,11/ImageMagick. See bug 1047054 comment 10.