Bug 1051416 - (CVE-2017-11755) VUL-2: CVE-2017-11755: GraphicsMagick, ImageMagick: WritePICONImage in coders/xpm.c allows to cause DoS
VUL-2: CVE-2017-11755: GraphicsMagick, ImageMagick: WritePICONImage in coders...
Status: RESOLVED DUPLICATE of bug 1051412
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Normal
: ---
Assigned To: Petr Gajdos
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-07-31 06:56 UTC by Johannes Segitz
Modified: 2019-04-23 22:40 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Reproducer (2.00 KB, application/octet-stream)
2017-07-31 06:56 UTC, Johannes Segitz

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-07-31 06:56:52 UTC
Created attachment 734502 [details]


The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows
remote attackers to cause a denial of service (memory leak) via a crafted file
that is mishandled in an AcquireSemaphoreInfo call.

valgrind convert Memory-Leak-21_output_picon_1501391824.23 out.picon

Might be dup of bsc#1051412 since https://github.com/ImageMagick/ImageMagick/issues/631 indicates that it's fixed by the same commit

Comment 1 Marcus Meissner 2017-09-29 06:01:54 UTC
memleak described is sizeof(SemaphoreInfo). minor leak. deferable.
Comment 2 Petr Gajdos 2018-01-02 11:55:49 UTC
I cannot reproduce any other memory leaks than that ones listed in bug 1051412, closing as duplicate as the upstream did.

*** This bug has been marked as a duplicate of bug 1051412 ***