Bugzilla – Bug 1095812
VUL-1: CVE-2018-10805: ImageMagick: Memory leak in ReadYCBCRImage
Last modified: 2021-10-05 10:40:20 UTC
rh#1577398
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
References:
  https://bugzilla.redhat.com/show_bug.cgi?id=1577398
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10805
  http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10805.html
  https://github.com/ImageMagick/ImageMagick/issues/1054
No test case found.
ImageMagick 7 commit: https://github.com/ImageMagick/ImageMagick/commit/53060aa22a3767a46a9ddb4ef32e7fa061a1da34
ImageMagick 6 commit: https://github.com/ImageMagick/ImageMagick6/commit/53060aa22a3767a46a9ddb4ef32e7fa061a1da34
The commit fixes the following upstream bugs:
  Memory leak in ReadBGRImage #1043
  Memory leak in ReadCMYKImage #1044
  Memory leak in ReadGRAYImage #1046
  Memory leak in ReadRGBImage #1051
  Memory leak in ReadYCBCRImage #1054
Only the ReadYCBCRImage fix is bound to this CVE.
15/ImageMagick: has this fix already in, nevertheless I will add another leak fix
12/ImageMagick:
  ReadBGRImage fixed
  ReadCMYKImage fixed
  ReadGRAYImage fixed
  ReadRGBImage fixed
  ReadYCBCRImage fixed
11/ImageMagick:
  ReadBGRImage does not have bgr
  ReadCMYKImage fixed
  ReadGRAYImage fixed
  ReadRGBImage fixed
  ReadYCBCRImage fixed
11/GraphicsMagick:
  ReadBGRImage does not have bgr
  ReadCMYKImage unrelated small leak (scanline variable)
  ReadGRAYImage unrelated small leak (scanline variable)
  ReadRGBImage unrelated small leak (scanline variable)
  ReadYCBCRImage does not have ycbcr
42.3/GraphicsMagick:
  ReadBGRImage does not have bgr
  ReadCMYKImage unrelated small leak (scanline variable)
  ReadGRAYImage unrelated small leak (scanline variable)
  ReadRGBImage unrelated small leak (scanline variable)
  ReadYCBCRImage does not have ycbcr
15.0/GraphicsMagick:
  ReadBGRImage does not have bgr
  ReadCMYKImage unrelated small leak (scanline variable)
  ReadGRAYImage unrelated small leak (scanline variable)
  ReadRGBImage unrelated small leak (scanline variable)
  ReadYCBCRImage does not have ycbcr
Reported
  https://sourceforge.net/p/graphicsmagick/bugs/567/
  https://github.com/ImageMagick/ImageMagick/issues/1179
Will submit for 15/ImageMagick, 12/ImageMagick, 11/ImageMagick, 11/GraphicsMagick, 42.3/GraphicsMagick and 15.0/GraphicsMagick.
I believe all fixed.
This is an autogenerated message for OBS integration:
This bug (1095812) was mentioned in
  https://build.opensuse.org/request/show/618094 15.0 / GraphicsMagick
  https://build.opensuse.org/request/show/618095 42.3 / GraphicsMagick
SUSE-SU-2018:1851-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1047356,1056277,1087820,1094204,1094237,1095730,1095812,1095813
CVE References: CVE-2017-10928,CVE-2017-13758,CVE-2017-18271,CVE-2018-10804,CVE-2018-10805,CVE-2018-11251,CVE-2018-11655,CVE-2018-9133
Sources used:
  SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.65.1
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.65.1
  SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.65.1
  SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.65.1
openSUSE-SU-2018:1860-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1047356,1056277,1087820,1094204,1094237,1095730,1095812,1095813
CVE References: CVE-2017-10928,CVE-2017-13758,CVE-2017-18271,CVE-2018-10804,CVE-2018-10805,CVE-2018-11251,CVE-2018-11655,CVE-2018-9133
Sources used:
  openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-64.1
openSUSE-SU-2018:1862-1: An update that solves one vulnerability and has one errata is now available.
Category: security (low)
Bug References: 1075821,1095812
CVE References: CVE-2018-10805
Sources used:
  openSUSE Leap 42.3 (src): GraphicsMagick-1.3.25-93.1
  openSUSE Leap 15.0 (src): GraphicsMagick-1.3.29-lp150.3.6.1
SUSE-SU-2018:2043-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1094742,1094745,1095812,1096200,1096203,1098545,1098546
CVE References: CVE-2018-10805,CVE-2018-11624,CVE-2018-11625,CVE-2018-12599,CVE-2018-12600
Sources used:
  SUSE Linux Enterprise Module for Development Tools 15 (src): ImageMagick-7.0.7.34-3.9.1
  SUSE Linux Enterprise Module for Desktop Applications 15 (src): ImageMagick-7.0.7.34-3.9.1
openSUSE-SU-2018:2123-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1094742,1094745,1095812,1096200,1096203,1098545,1098546
CVE References: CVE-2018-10805,CVE-2018-11624,CVE-2018-11625,CVE-2018-12599,CVE-2018-12600
Sources used:
  openSUSE Leap 15.0 (src): ImageMagick-7.0.7.34-lp150.2.6.1
SUSE-SU-2018:2390-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1056277,1094204,1095812,1102007
CVE References: CVE-2017-13758,CVE-2017-18271,CVE-2018-10805,CVE-2018-14435
Sources used:
  SUSE Studio Onsite 1.3 (src): GraphicsMagick-1.2.5-78.61.1
  SUSE Linux Enterprise Software Development Kit 11-SP4 (src): GraphicsMagick-1.2.5-78.61.1
  SUSE Linux Enterprise Debuginfo 11-SP4 (src): GraphicsMagick-1.2.5-78.61.1
SUSE-SU-2018:2465-1: An update that fixes 10 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1056277,1094204,1094237,1095812,1098545,1098546,1102003,1102004,1102005,1102007
CVE References: CVE-2017-13758,CVE-2017-18271,CVE-2018-10805,CVE-2018-11251,CVE-2018-12599,CVE-2018-12600,CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437
Sources used:
  SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ImageMagick-6.4.3.6-78.56.1
  SUSE Linux Enterprise Server 11-SP4 (src): ImageMagick-6.4.3.6-78.56.1
  SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-78.56.1
released
This is an autogenerated message for OBS integration: This bug (1095812) was mentioned in https://build.opensuse.org/request/show/705902 15.1 / GraphicsMagick
This is an autogenerated message for OBS integration: This bug (1095812) was mentioned in https://build.opensuse.org/request/show/923064 Factory / ImageMagick
This is an autogenerated message for OBS integration: This bug (1095812) was mentioned in https://build.opensuse.org/request/show/923178 Factory / ImageMagick