Bug 1107616 - (CVE-2018-16642) VUL-1: CVE-2018-16642: GraphicsMagick, ImageMagick: InsertRow in coders/cut.c allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/213898/
CVSSv3:SUSE:CVE-2018-16642:4.4:(AV:L/...
Reported: 2018-09-07 07:39 UTC by Karol Babioch
Modified: 2021-10-04 16:41 UTC
Found By: Security Response Team

Description Karol Babioch 2018-09-07 07:39:36 UTC
CVE-2018-16642

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote
attackers to cause a denial of service via a crafted image file due to an
out-of-bounds write.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16642
https://github.com/ImageMagick/ImageMagick/issues/1162
https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e
Comment 1 Karol Babioch 2018-09-07 07:48:36 UTC
After a quick look at the source code (and some estimated guesses), all codestreams are affected:

- SUSE:SLE-11:Update/GraphicsMagick
- SUSE:SLE-11:Update/ImageMagick
- SUSE:SLE-12:Update/ImageMagick
- SUSE:SLE-15:Update/ImageMagick
Comment 2 Petr Gajdos 2018-09-11 09:17:38 UTC
Thanks Karol for the analysis.

From the upstream patch, it seems they just unified the InsertRow() code of wpg.c and cut.c, including the return value of this function, which they do not use in cut.c.

From this and also from the description of the bug, I conclude it is enough to unify InsertRow() everywhere where CVE-2016-7526 is fixed to have CVE-2018-16642 fixed as well.
Comment 3 Petr Gajdos 2018-09-11 12:20:12 UTC
Will submit for 15,12,11/ImageMagick and 11/GraphicsMagick.
Comment 4 Petr Gajdos 2018-09-11 12:37:15 UTC
I believe all fixed.
Comment 9 Swamp Workflow Management 2018-10-02 19:15:07 UTC
SUSE-SU-2018:2977-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.24.1
Comment 11 Swamp Workflow Management 2018-10-05 10:10:39 UTC
openSUSE-SU-2018:3014-1: An update that fixes 10 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1106857,1106858,1106989,1107604,1107609,1107612,1107616,1107618,1107619
CVE References: CVE-2018-16323,CVE-2018-16328,CVE-2018-16329,CVE-2018-16413,CVE-2018-16640,CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.15.1
Comment 12 Swamp Workflow Management 2018-10-11 07:09:42 UTC
SUSE-SU-2018:3095-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1050129,1105592,1106989,1107604,1107609,1107612,1107616,1107619,1108282,1108283
CVE References: CVE-2017-11532,CVE-2018-16413,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.79.1
Comment 14 Petr Gajdos 2018-10-15 10:44:59 UTC
Fix altered and resubmitted for 11/ImageMagick.
Comment 16 Swamp Workflow Management 2018-10-17 19:24:12 UTC
openSUSE-SU-2018:3203-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1050129,1105592,1106989,1107604,1107609,1107612,1107616,1107619,1108282,1108283
CVE References: CVE-2017-11532,CVE-2018-16413,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-70.2
Comment 17 Swamp Workflow Management 2018-10-22 13:13:08 UTC
SUSE-SU-2018:3269-1: An update that fixes 12 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1107604,1107609,1107612,1107616,1107619,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2018-16323,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
Comment 20 Swamp Workflow Management 2018-10-23 19:19:03 UTC
SUSE-SU-2018:3348-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1074170,1106855,1106989,1107604,1107609,1107612,1107616,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2017-17934,CVE-2018-16323,CVE-2018-16413,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
Comment 21 Marcus Meissner 2018-10-26 06:48:21 UTC
released
Comment 22 OBSbugzilla Bot 2021-10-04 16:41:43 UTC
This is an autogenerated message for OBS integration:
This bug (1107616) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick