Bug 1106858 - (CVE-2018-16329) VUL-1: CVE-2018-16329: ImageMagick: NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/213619/
CVSSv3:SUSE:CVE-2018-16329:4.0:(AV:L/...
Reported: 2018-09-03 06:05 UTC by Alexander Bergmann
Modified: 2021-10-05 10:41 UTC (History)

Found By: Security Response Team
Description Alexander Bergmann 2018-09-03 06:05:35 UTC
CVE-2018-16329

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the
GetMagickProperty function in MagickCore/property.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16329
http://www.cvedetails.com/cve/CVE-2018-16329/
https://github.com/ImageMagick/ImageMagick/issues/1225
Comment 1 Petr Gajdos 2018-09-03 08:34:49 UTC
TW: already fixed by version update
Comment 2 Petr Gajdos 2018-09-03 11:21:08 UTC
No testcase found.
Comment 3 Petr Gajdos 2018-09-03 14:29:37 UTC
From a quick look, this is one of the examples of 'security bugs' which, in my opinion, should in fact be resolved WONTFIX. If I understand correctly, the issue would happen only if the library were used wrongly (NULL pointer as an argument). ImageMagick seems to concede one of its arguments in question (image, image_info) to be NULL, tries to resolve the wrong usage, hence the confusion. The same way one could conclude that the assert() there could mean a DoS, as long as the library can be called with both arguments set to NULL.

Anyway, I will try to 'fix' it for 15,12/ImageMagick where there is a certain chance that it will work with one of the arguments NULL. I consider 11/ImageMagick and */GraphicsMagick not affected: magick/property.c/GetMagickProperty() and magick/attribute.c/GetImageInfoAttribute() respectively just assume that none of the image, image_info arguments is NULL.
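The situation Comment 3 describes, a lookup that accepts two context pointers either of which may be NULL, shown as an added example that is not part of the bug thread and is not ImageMagick code. The types `InfoCtx` and `ImageCtx`, both functions and the sample values are hypothetical; the "before" function is shown for comparison and is never called.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the two optional contexts (not ImageMagick types). */
typedef struct { const char *filename; } InfoCtx;
typedef struct { unsigned long columns; } ImageCtx;

/* Before: each branch trusts that the context it reads was supplied. */
const char *get_property_unchecked(const InfoCtx *info, const ImageCtx *image,
                                   const char *name, char *buf, size_t len)
{
    if (strcmp(name, "width") == 0) {
        snprintf(buf, len, "%lu", image->columns); /* crashes if image == NULL */
        return buf;
    }
    if (strcmp(name, "filename") == 0)
        return info->filename;                     /* crashes if info == NULL */
    return NULL;
}

/* After: every branch checks the one context it reads. A missing context
   (including both missing) yields NULL, meaning "property unavailable". */
const char *get_property_checked(const InfoCtx *info, const ImageCtx *image,
                                 const char *name, char *buf, size_t len)
{
    if (name == NULL || buf == NULL || len == 0)
        return NULL;
    if (strcmp(name, "width") == 0) {
        if (image == NULL)
            return NULL;
        snprintf(buf, len, "%lu", image->columns);
        return buf;
    }
    if (strcmp(name, "filename") == 0)
        return info != NULL ? info->filename : NULL;
    return NULL;
}

int main(void)
{
    char buf[32];
    InfoCtx info = { "sample.png" };   /* constructed sample values */
    ImageCtx image = { 640 };
    const char *w = get_property_checked(&info, NULL, "width", buf, sizeof buf);
    printf("width, image missing: %s\n", w ? w : "(unavailable)");
    w = get_property_checked(NULL, &image, "width", buf, sizeof buf);
    printf("width, info missing:  %s\n", w ? w : "(unavailable)");
    return 0;
}
```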
Comment 4 Petr Gajdos 2018-09-03 14:29:55 UTC
Will submit for 12/ImageMagick and 15/ImageMagick.
Comment 5 Petr Gajdos 2018-09-03 14:38:03 UTC
I believe all fixed.
Comment 11 Swamp Workflow Management 2018-09-21 10:14:01 UTC
SUSE-SU-2018:2778-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1102003,1102004,1102005,1102007,1105592,1106855,1106858
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323,CVE-2018-16329
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
Comment 12 Swamp Workflow Management 2018-09-24 10:09:35 UTC
openSUSE-SU-2018:2811-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1102003,1102004,1102005,1102007,1105592,1106855,1106858
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323,CVE-2018-16329
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-67.1
Comment 13 Swamp Workflow Management 2018-10-02 19:14:23 UTC
SUSE-SU-2018:2977-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.24.1
Comment 14 Marcus Meissner 2018-10-05 07:06:23 UTC
released
Comment 15 Swamp Workflow Management 2018-10-05 10:09:54 UTC
openSUSE-SU-2018:3014-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.15.1
Comment 16 OBSbugzilla Bot 2021-10-04 16:41:15 UTC
This is an autogenerated message for OBS integration:
This bug (1106858) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick
Comment 17 OBSbugzilla Bot 2021-10-05 10:41:11 UTC
This is an autogenerated message for OBS integration:
This bug (1106858) was mentioned in
https://build.opensuse.org/request/show/923178 Factory / ImageMagick