Bug 1111069 – VUL-1: CVE-2018-18024: GraphicsMagick,ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c file

Bug 1111069 - (CVE-2018-18024) VUL-1: CVE-2018-18024: GraphicsMagick,ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c file

(CVE-2018-18024)
Summary:	VUL-1: CVE-2018-18024: GraphicsMagick,ImageMagick: infinite loop in the ReadB...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/216250/
Whiteboard:	CVSSv3:SUSE:CVE-2018-18024:3.3:(AV:L/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-10-08 13:20 UTC by Karol Babioch
Modified:	2021-10-04 16:42 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
QA reproducer (652 bytes, image/bmp) 2018-10-10 12:09 UTC, Karol Babioch	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-10-08 13:20:16 UTC

CVE-2018-18024



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18024
http://www.cvedetails.com/cve/CVE-2018-18024/
https://github.com/ImageMagick/ImageMagick/issues/1337
https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82

Comment 1 Karol Babioch 2018-10-10 12:02:36 UTC

Based on a source code review all available packages are affected:

- SUSE:SLE-11:Update/GraphicsMagick
- SUSE:SLE-11:Update/ImageMagick
- SUSE:SLE-12:Update/ImageMagick
- SUSE:SLE-15:Update/ImageMagick

Comment 2 Karol Babioch 2018-10-10 12:09:20 UTC

Created attachment 785622 [details]
QA reproducer

Comment 3 Karol Babioch 2018-10-10 12:09:55 UTC

The reproducer could be triggered on SLE12SP3, which resulted in an infinite loop:

$ convert infinite_loop_in_bmp.c.bmp /dev/null

Comment 4 Petr Gajdos 2018-10-12 15:20:12 UTC

BEFORE

15,12,11/ImageMagick and 11/GraphicsMagick:

$ convert infinite_loop_in_bmp.c.bmp /dev/null
[hangs]

15.0/GraphicsMagick

$ time gm convert infinite_loop_in_bmp.c.bmp /dev/null

real	0m0.003s
user	0m0.000s
sys	0m0.003s
$

PATCH

comment #0

AFTER

15,12,11/ImageMagick and 11/GraphicsMagick:

$ time convert infinite_loop_in_bmp.c.bmp /dev/null
111069: length and filesize do not match `infinite_loop_in_bmp.c.bmp' @ warning/bmp.c/ReadBMPImage/827.
111069: improper image header `infinite_loop_in_bmp.c.bmp' @ error/bmp.c/ReadBMPImage/942.
111069: no images defined `/dev/null' @ error/convert.c/ConvertImageCommand/3149.

real	0m0.015s
user	0m0.015s
sys	0m0.000s
$

Comment 5 Petr Gajdos 2018-10-12 15:21:02 UTC

Will submit for 15,12,11/ImageMagick and 11/GraphicsMagick.

Comment 6 Petr Gajdos 2018-10-12 15:22:47 UTC

Everywhere:

s@11/GraphicsMagick@11,42.3/GraphicsMagick@.

That means:

Will submit for 15,12,11/ImageMagick and 11,42.3/GraphicsMagick.

Comment 7 Petr Gajdos 2018-10-12 17:02:48 UTC

Packages submitted.
I believe all fixed.

Comment 9 Swamp Workflow Management 2018-10-15 08:10:06 UTC

This is an autogenerated message for OBS integration:
This bug (1111069) was mentioned in
https://build.opensuse.org/request/show/642005 42.3 / GraphicsMagick

Comment 13 Swamp Workflow Management 2018-10-17 10:12:17 UTC

SUSE-SU-2018:3191-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1098545,1098546,1110746,1110747,1111069,1111072
CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1

Comment 14 Swamp Workflow Management 2018-10-17 19:24:58 UTC

openSUSE-SU-2018:3204-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1111069
CVE References: CVE-2018-18024
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-111.1

Comment 15 Swamp Workflow Management 2018-10-18 17:27:24 UTC

openSUSE-SU-2018:3225-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1098545,1098546,1110746,1110747,1111069,1111072
CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-73.1

Comment 16 Swamp Workflow Management 2018-10-22 13:14:01 UTC

SUSE-SU-2018:3269-1: An update that fixes 12 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1107604,1107609,1107612,1107616,1107619,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2018-16323,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1

Comment 19 Swamp Workflow Management 2018-10-23 19:19:43 UTC

SUSE-SU-2018:3348-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1074170,1106855,1106989,1107604,1107609,1107612,1107616,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2017-17934,CVE-2018-16323,CVE-2018-16413,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1

Comment 20 Marcus Meissner 2018-10-26 06:40:47 UTC

released

Comment 22 Swamp Workflow Management 2018-11-13 14:12:01 UTC

SUSE-SU-2018:3753-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106254,1110746,1111069,1111072
CVE References: CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.34.3
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.34.3

Comment 23 Swamp Workflow Management 2018-11-16 23:11:18 UTC

openSUSE-SU-2018:3797-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106254,1110746,1111069,1111072
CVE References: CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.21.1

Comment 24 OBSbugzilla Bot 2021-10-04 16:42:02 UTC

This is an autogenerated message for OBS integration:
This bug (1111069) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick