Bug 1107616 – VUL-1: CVE-2018-16642: GraphicsMagick,ImageMagick: InsertRow in coders/cut.c in allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write

Bug 1107616 - (CVE-2018-16642) VUL-1: CVE-2018-16642: GraphicsMagick,ImageMagick: InsertRow in coders/cut.c in allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write

(CVE-2018-16642)
Summary:	VUL-1: CVE-2018-16642: GraphicsMagick,ImageMagick: InsertRow in coders/cut.c ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/213898/
Whiteboard:	CVSSv3:SUSE:CVE-2018-16642:4.4:(AV:L/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-09-07 07:39 UTC by Karol Babioch
Modified:	2021-10-04 16:41 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-09-07 07:39:36 UTC

CVE-2018-16642

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote
attackers to cause a denial of service via a crafted image file due to an
out-of-bounds write.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16642
https://github.com/ImageMagick/ImageMagick/issues/1162
https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e

Comment 1 Karol Babioch 2018-09-07 07:48:36 UTC

After a quick look at the source code (and some estimated guesses), all codestreams are affected:

- SUSE:SLE-11:Update/GraphicsMagick
- SUSE:SLE-11:Update/ImageMagick
- SUSE:SLE-12:Update/ImageMagick
- SUSE:SLE-15:Update/ImageMagick

Comment 2 Petr Gajdos 2018-09-11 09:17:38 UTC

Thanks Karol for the analysis.

From the upstream patch, it seems they just unified the InsertRow() code of wpg.c and cut.c including the return value of this function they do not use in cut.c.

From this and also from description of the bug I conclude it is enough to unify InsertRow() everywhere where CVE-2016-7526 is fixed to have CVE-2018-16642 fixed as well.

Comment 3 Petr Gajdos 2018-09-11 12:20:12 UTC

Will submit for 15,12,11/ImageMagick and 11/GraphicsMagick.

Comment 4 Petr Gajdos 2018-09-11 12:37:15 UTC

I believe all fixed.

Comment 9 Swamp Workflow Management 2018-10-02 19:15:07 UTC

SUSE-SU-2018:2977-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.24.1

Comment 11 Swamp Workflow Management 2018-10-05 10:10:39 UTC

openSUSE-SU-2018:3014-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.15.1

Comment 12 Swamp Workflow Management 2018-10-11 07:09:42 UTC

SUSE-SU-2018:3095-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1050129,1105592,1106989,1107604,1107609,1107612,1107616,1107619,1108282,1108283
CVE References: CVE-2017-11532,CVE-2018-16413,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1

Comment 14 Petr Gajdos 2018-10-15 10:44:59 UTC

Fix altered and resubmitted for 11/ImageMagick.

Comment 16 Swamp Workflow Management 2018-10-17 19:24:12 UTC

openSUSE-SU-2018:3203-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1050129,1105592,1106989,1107604,1107609,1107612,1107616,1107619,1108282,1108283
CVE References: CVE-2017-11532,CVE-2018-16413,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-70.2

Comment 17 Swamp Workflow Management 2018-10-22 13:13:08 UTC

SUSE-SU-2018:3269-1: An update that fixes 12 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1107604,1107609,1107612,1107616,1107619,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2018-16323,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1

Comment 20 Swamp Workflow Management 2018-10-23 19:19:03 UTC

SUSE-SU-2018:3348-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1074170,1106855,1106989,1107604,1107609,1107612,1107616,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2017-17934,CVE-2018-16323,CVE-2018-16413,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1

Comment 21 Marcus Meissner 2018-10-26 06:48:21 UTC

released

Comment 22 OBSbugzilla Bot 2021-10-04 16:41:43 UTC

This is an autogenerated message for OBS integration:
This bug (1107616) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick