Bug 1106989 - (CVE-2018-16413) VUL-1: CVE-2018-16413: GraphicsMagick,ImageMagick: heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/213691/
CVSSv3:SUSE:CVE-2018-16413:3.3:(AV:L/...
Reported: 2018-09-04 06:49 UTC by Karol Babioch
Modified: 2021-10-05 10:41 UTC
Found By: Security Response Team
Description Karol Babioch 2018-09-04 06:49:18 UTC
CVE-2018-16413

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the
MagickCore/quantum-private.h PushShortPixel function when called from the
coders/psd.c ParseImageResourceBlocks function.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16413
http://www.cvedetails.com/cve/CVE-2018-16413/
https://github.com/ImageMagick/ImageMagick/issues/1251
https://github.com/ImageMagick/ImageMagick/issues/1249
Comment 1 Karol Babioch 2018-09-04 07:05:44 UTC
My analysis (based on the available patch [1]) makes me think that the following codestreams are affected:

- SUSE:SLE-15:Update
- openSUSE:Factory
- openSUSE:Leap:15.0

Not affected:

- SUSE:SLE-11:Update
- SUSE:SLE-12:Update
- openSUSE:Leap:42.3

[1]: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
Comment 2 Petr Gajdos 2018-09-05 10:13:10 UTC
See similar bug 1106996.
Comment 3 Petr Gajdos 2018-09-05 10:35:20 UTC
*/GraphicsMagick: the code similar to ParseImageResourceBlocks() not found. If I missed something, please let me know where the code lies.
Comment 4 Petr Gajdos 2018-09-05 11:31:54 UTC
No single valgrind error running the testcase for 15,12,11/ImageMagick 32-bit.
Comment 5 Petr Gajdos 2018-09-05 11:44:00 UTC
Related to bug 984160.
Comment 6 Petr Gajdos 2018-09-05 11:53:33 UTC
Packages submitted into 11,12,15/ImageMagick.
Comment 7 Petr Gajdos 2018-09-05 11:53:53 UTC
I believe all fixed.
Comment 13 Swamp Workflow Management 2018-10-02 19:14:31 UTC
SUSE-SU-2018:2977-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.24.1
Comment 15 Swamp Workflow Management 2018-10-05 10:10:03 UTC
openSUSE-SU-2018:3014-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.15.1
Comment 16 Swamp Workflow Management 2018-10-11 07:09:05 UTC
SUSE-SU-2018:3095-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1050129,1105592,1106989,1107604,1107609,1107612,1107616,1107619,1108282,1108283
CVE References: CVE-2017-11532,CVE-2018-16413,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
Comment 19 Swamp Workflow Management 2018-10-17 19:23:40 UTC
openSUSE-SU-2018:3203-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1050129,1105592,1106989,1107604,1107609,1107612,1107616,1107619,1108282,1108283
CVE References: CVE-2017-11532,CVE-2018-16413,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-70.2
Comment 22 Swamp Workflow Management 2018-10-23 19:18:18 UTC
SUSE-SU-2018:3348-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1074170,1106855,1106989,1107604,1107609,1107612,1107616,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2017-17934,CVE-2018-16323,CVE-2018-16413,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
Comment 33 Swamp Workflow Management 2019-03-28 02:13:10 UTC
SUSE-SU-2019:13993-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1106989,1106996,1113064,1120381,1124365,1124366,1128649
CVE References: CVE-2018-16412,CVE-2018-16413,CVE-2018-18544,CVE-2018-20467,CVE-2019-7175,CVE-2019-7397,CVE-2019-7398
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.92.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.92.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    ImageMagick-6.4.3.6-78.92.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.92.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 34 Swamp Workflow Management 2019-04-25 16:15:53 UTC
SUSE-SU-2019:1033-1: An update that solves 13 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106989,1106996,1107609,1120381,1122033,1124365,1124366,1124368,1128649,1130330,1131317,1132053,1132054,1132060
CVE References: CVE-2018-16412,CVE-2018-16413,CVE-2018-16644,CVE-2018-20467,CVE-2019-10650,CVE-2019-11007,CVE-2019-11008,CVE-2019-11009,CVE-2019-7175,CVE-2019-7395,CVE-2019-7397,CVE-2019-7398,CVE-2019-9956
Sources used:
SUSE OpenStack Cloud 7 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12-SP4 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Server 12-LTSS (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.108.1
SUSE Enterprise Storage 4 (src):    ImageMagick-6.8.8.1-71.108.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Swamp Workflow Management 2019-04-27 01:11:50 UTC
SUSE-SU-2019:1033-2: An update that solves 13 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106989,1106996,1107609,1120381,1122033,1124365,1124366,1124368,1128649,1130330,1131317,1132053,1132054,1132060
CVE References: CVE-2018-16412,CVE-2018-16413,CVE-2018-16644,CVE-2018-20467,CVE-2019-10650,CVE-2019-11007,CVE-2019-11008,CVE-2019-11009,CVE-2019-7175,CVE-2019-7395,CVE-2019-7397,CVE-2019-7398,CVE-2019-9956
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    ImageMagick-6.8.8.1-71.108.1

Comment 36 Swamp Workflow Management 2019-05-03 19:13:15 UTC
openSUSE-SU-2019:1320-1: An update that solves 13 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106989,1106996,1107609,1120381,1122033,1124365,1124366,1124368,1128649,1130330,1131317,1132053,1132054,1132060
CVE References: CVE-2018-16412,CVE-2018-16413,CVE-2018-16644,CVE-2018-20467,CVE-2019-10650,CVE-2019-11007,CVE-2019-11008,CVE-2019-11009,CVE-2019-7175,CVE-2019-7395,CVE-2019-7397,CVE-2019-7398,CVE-2019-9956
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-82.1
Comment 37 Marcus Meissner 2019-07-09 06:30:38 UTC
released
Comment 38 OBSbugzilla Bot 2021-10-04 16:41:20 UTC
This is an autogenerated message for OBS integration:
This bug (1106989) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick
Comment 39 OBSbugzilla Bot 2021-10-05 10:41:16 UTC
This is an autogenerated message for OBS integration:
This bug (1106989) was mentioned in
https://build.opensuse.org/request/show/923178 Factory / ImageMagick