Bug 1055038 - (CVE-2017-13065) VUL-2: CVE-2017-13065: GraphicsMagick: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability inthe function SVGStartElement in coders/svg.c.
(CVE-2017-13065)
VUL-2: CVE-2017-13065: GraphicsMagick: GraphicsMagick 1.3.26 has a NULL point...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/190885/
CVSSv3:SUSE:CVE-2017-13065:5.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-22 14:42 UTC by Marcus Meissner
Modified: 2018-02-09 20:10 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
gm_null_pointer_dereference_in_SVGStartElement (268 bytes, image/svg+xml)
2017-08-22 14:43 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-08-22 14:42:29 UTC
CVE-2017-13065

GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in
the function SVGStartElement in coders/svg.c.

http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
https://sourceforge.net/p/graphicsmagick/bugs/435/
Comment 1 Marcus Meissner 2017-08-22 14:43:30 UTC
Created attachment 737804 [details]
gm_null_pointer_dereference_in_SVGStartElement

QA REPRODUCER:

gm identify gm_null_pointer_dereference_in_SVGStartElement

should not crash with NULL ptr.
Comment 2 Marcus Meissner 2017-08-22 14:44:36 UTC
GraphicsMagick SLE11 affected and also Leap.

cross checked ImageMagick, it is not affected apparently.
Comment 3 Marcus Meissner 2017-09-29 07:37:30 UTC
Null ptr controlled abort. can be defered.
Comment 4 Petr Gajdos 2018-01-26 12:22:22 UTC
I could not gather testcase from our bugzilla via firefox but I have been successful via upstream report.

42.x/GraphicsMagick

$ valgrind -q gm identify gm_null_pointer_dereference_in_SVGStartElement
gm identify: invalid primitive argument ().
gm identify: Request did not return an image.
$

11/GraphicsMagick

$ valgrind -q gm identify gm_null_pointer_dereference_in_SVGStartElement
gm identify: Negative or zero image size.
$

11/ImageMagick

$ valgrind -q identify gm_null_pointer_dereference_in_SVGStartElement
identify: Memory allocation failed `gm_null_pointer_dereference_in_SVGStartElement'.
$

12/ImageMagick

$ valgrind -q gm_null_pointer_dereference_in_SVGStartElement
valgrind: gm_null_pointer_dereference_in_SVGStartElement: command not found
$

No issues observed with this testcase. 

As far as I can see, this is already addresed via GraphicsMagick-CVE-2017-13063,13064.patch (bsc#1055050, bsc#1055042). Not sure why I have not close this bug along. The verdict is the same as in these bugs: considering affected */GraphicsMagick.

I would close this as fixed, but feel free to consider to ask me to adapt rpm changelogs.
Comment 5 Petr Gajdos 2018-01-26 14:29:42 UTC
Considered affected: 42.x/GraphicsMagick and 11/GraphicsMagick

I will adjust rpm changelogs and patch names accordingly.
Comment 6 Petr Gajdos 2018-01-26 15:17:14 UTC
I believe all fixed.
Comment 8 Swamp Workflow Management 2018-01-26 15:20:05 UTC
This is an autogenerated message for OBS integration:
This bug (1055038) was mentioned in
https://build.opensuse.org/request/show/569900 42.2 / GraphicsMagick
https://build.opensuse.org/request/show/569901 42.3 / GraphicsMagick
Comment 9 Swamp Workflow Management 2018-02-01 02:07:00 UTC
openSUSE-SU-2018:0328-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1055038,1075939,1076021,1076051
CVE References: CVE-2017-13063,CVE-2017-13065,CVE-2017-18027,CVE-2017-18029,CVE-2018-5685
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-63.1
Comment 10 Marcus Meissner 2018-02-09 15:59:32 UTC
released
Comment 11 Swamp Workflow Management 2018-02-09 20:10:54 UTC
SUSE-SU-2018:0413-1: An update that fixes 34 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043353,1043354,1047908,1047910,1050037,1050072,1050100,1051442,1052470,1052708,1052717,1052768,1052777,1052781,1054600,1055038,1055374,1055455,1055456,1057000,1060162,1062752,1067198,1073690,1074023,1074120,1074125,1074175,1075939
CVE References: CVE-2014-9811,CVE-2017-10995,CVE-2017-11102,CVE-2017-11505,CVE-2017-11526,CVE-2017-11539,CVE-2017-11750,CVE-2017-12565,CVE-2017-12640,CVE-2017-12641,CVE-2017-12643,CVE-2017-12673,CVE-2017-12676,CVE-2017-12935,CVE-2017-13065,CVE-2017-13141,CVE-2017-13142,CVE-2017-13147,CVE-2017-14103,CVE-2017-14174,CVE-2017-14649,CVE-2017-15218,CVE-2017-15238,CVE-2017-16669,CVE-2017-17501,CVE-2017-17504,CVE-2017-17782,CVE-2017-17879,CVE-2017-17884,CVE-2017-17915,CVE-2017-8352,CVE-2017-9261,CVE-2017-9262,CVE-2018-5685
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.78.33.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.33.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.33.1