Bug 1055229 – VUL-2: CVE-2017-13131: ImageMagick: In ImageMagick 7.0.6-8, a memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allows attackers tocause a denial of service (memory consumption in NewL

Bug 1055229 - (CVE-2017-13131) VUL-2: CVE-2017-13131: ImageMagick: In ImageMagick 7.0.6-8, a memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allows attackers tocause a denial of service (memory consumption in NewL

(CVE-2017-13131)
Summary:	VUL-2: CVE-2017-13131: ImageMagick: In ImageMagick 7.0.6-8, a memory leak vul...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/190906/
Whiteboard:	CVSSv3:SUSE:CVE-2017-13131:4.3:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-08-23 10:29 UTC by Marcus Meissner
Modified:	2018-03-06 23:48 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
memory_leak_in_NewLinkedList (239 bytes, application/octet-stream) 2017-08-23 10:29 UTC, Marcus Meissner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2017-08-23 10:29:17 UTC

CVE-2017-13131

In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the
function ReadMIFFImage in coders/miff.c, which allows attackers to
cause a denial of service (memory consumption in NewLinkedList in
MagickCore/linked-list.c) via a crafted file.

https://github.com/ImageMagick/ImageMagick/issues/676

Comment 1 Marcus Meissner 2017-08-23 10:29:58 UTC

Created attachment 737980 [details]
memory_leak_in_NewLinkedList

QA REPRODUCER:

valgrind --leak-check=full identify memory_leak_in_NewLinkedList

should not report an error like this:

==26746== 4,330 (56 direct, 4,274 indirect) bytes in 1 blocks are definitely lost in loss record 14 of 14
==26746==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==26746==    by 0x4F3EEA2: NewLinkedList (in /usr/lib64/libMagickCore-6.Q16.so.1.0.0)

Comment 2 Marcus Meissner 2017-08-23 10:30:23 UTC

GraphicsMagic: not affected

SLE11 ImageMagick: apparently not affected
SLE12 ImageMagick and newer: affected

Comment 3 Marcus Meissner 2017-09-25 15:09:43 UTC

Minor Leak.

No need to fix.

Comment 4 Petr Gajdos 2018-02-13 15:27:44 UTC

BEFORE

12/ImageMagick

$ valgrind -q --leak-check=full identify memory_leak_in_NewLinkedList
identify: improper image header `memory_leak_in_NewLinkedList' @ error/miff.c/ReadMIFFImage/1102.
==894== 4,330 (56 direct, 4,274 indirect) bytes in 1 blocks are definitely lost in loss record 13 of 13
==894==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==894==    by 0x4F3F9E2: NewLinkedList (hashmap.c:1367)
==894==    by 0x841EC44: ???
==894==    by 0x4EBFE1A: ReadImage (constitute.c:601)
==894==    by 0x4FD1698: ReadStream (stream.c:974)
==894==    by 0x4EBF960: PingImage (constitute.c:278)
==894==    by 0x4EBFB9A: PingImages (constitute.c:373)
==894==    by 0x535850B: IdentifyImageCommand (identify.c:322)
==894==    by 0x5385C52: MagickCommandGenesis (mogrify.c:166)
==894==    by 0x400891: IdentifyMain (identify.c:80)
==894==    by 0x400891: main (identify.c:93)
==894== 
$

11/ImageMagick

$ valgrind -q --leak-check=full identify memory_leak_in_NewLinkedList
identify: Improper image header `memory_leak_in_NewLinkedList'.
$

11,42.3,HG/GraphicsMagick

$ valgrind -q --leak-check=full gm identify memory_leak_in_NewLinkedList
gm identify: Improper image header (memory_leak_in_NewLinkedList).
gm identify: Request did not return an image.
$

PATCH

https://github.com/ImageMagick/ImageMagick/commit/3e509770ec1d03a14f05815baef5432e0d8171a4
12/ImageMagick: affected
11/ImageMagick: code is there, considering affected
11/ImageMagick: code is there, considering affected
42.3/GraphicsMagick: ThrowMIFFReaderException()

AFTER

12/ImageMagick

$ valgrind -q --leak-check=full identify memory_leak_in_NewLinkedList
identify: improper image header `memory_leak_in_NewLinkedList' @ error/miff.c/ReadMIFFImage/1105.
$
[leak fixed]

11/ImageMagick

$ valgrind -q --leak-check=full identify memory_leak_in_NewLinkedList
identify: Improper image header `memory_leak_in_NewLinkedList'.
$
[no change]

11/GraphicsMagick

$ valgrind -q --leak-check=full gm identify memory_leak_in_NewLinkedList
gm identify: Improper image header (memory_leak_in_NewLinkedList).
$
[no change]

Comment 5 Petr Gajdos 2018-02-13 15:47:06 UTC

Will submit for 12/ImageMagick, 11/ImageMagick and 11/GraphicsMagick.

Comment 6 Petr Gajdos 2018-02-16 19:16:36 UTC

Packages submitted.

Comment 9 Swamp Workflow Management 2018-02-20 14:10:37 UTC

SUSE-SU-2018:0486-1: An update that fixes 24 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1048110,1049374,1049375,1050048,1050617,1050669,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052761,1055069,1055229,1058009,1074119,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11448,CVE-2017-11450,CVE-2017-11537,CVE-2017-11637,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14224,CVE-2017-17885,CVE-2017-18028,CVE-2017-9407,CVE-2018-6405
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.34.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.34.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.34.1

Comment 10 Swamp Workflow Management 2018-02-22 14:10:04 UTC

SUSE-SU-2018:0524-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1047900,1049374,1049375,1050617,1050669,1052248,1052251,1052254,1052472,1052688,1055069,1055229,1058009,1072934,1073081,1074307,1076182,1078433
CVE References: CVE-2017-11140,CVE-2017-11448,CVE-2017-11450,CVE-2017-11637,CVE-2017-11638,CVE-2017-11642,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12668,CVE-2017-13058,CVE-2017-13131,CVE-2017-14224,CVE-2017-17502,CVE-2017-17503,CVE-2017-17912,CVE-2017-18028,CVE-2017-9407,CVE-2018-6405
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.78.38.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.38.1

Comment 11 Swamp Workflow Management 2018-03-01 20:18:03 UTC

SUSE-SU-2018:0581-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1042911,1048110,1048272,1049374,1049375,1050048,1050119,1050122,1050126,1050132,1050617,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052754,1052761,1055069,1055229,1056768,1057163,1058009,1072898,1074119,1074170,1075821,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11170,CVE-2017-11448,CVE-2017-11450,CVE-2017-11528,CVE-2017-11530,CVE-2017-11531,CVE-2017-11533,CVE-2017-11537,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12663,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14060,CVE-2017-14139,CVE-2017-14224,CVE-2017-17682,CVE-2017-17885,CVE-2017-17934,CVE-2017-18028,CVE-2017-9405,CVE-2017-9407,CVE-2018-5357,CVE-2018-6405
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1

Comment 12 Andreas Stieger 2018-03-06 19:44:28 UTC

Releasing for Leap, showing as done otherwise

Comment 13 Swamp Workflow Management 2018-03-06 23:16:38 UTC

openSUSE-SU-2018:0621-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1042911,1048110,1048272,1049374,1049375,1050048,1050119,1050122,1050126,1050132,1050617,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052754,1052761,1055069,1055229,1056768,1057163,1058009,1072898,1074119,1074170,1075821,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11170,CVE-2017-11448,CVE-2017-11450,CVE-2017-11528,CVE-2017-11530,CVE-2017-11531,CVE-2017-11533,CVE-2017-11537,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12663,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14060,CVE-2017-14139,CVE-2017-14224,CVE-2017-17682,CVE-2017-17885,CVE-2017-17934,CVE-2017-18028,CVE-2017-9405,CVE-2017-9407,CVE-2018-5357,CVE-2018-6405
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-55.1