First Last Prev Next    This bug is not in your last search results.
Bug 1133501 - (CVE-2019-11505) VUL-1: CVE-2019-11505: GraphicsMagick,ImageMagick: heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly
(CVE-2019-11505)
VUL-1: CVE-2019-11505: GraphicsMagick,ImageMagick: heap-based buffer overflow...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 42.3
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/230257/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-26 08:54 UTC by Marcus Meissner
Modified: 2019-07-10 05:36 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
heap-buffer-overflow-WritePDBImage (532 bytes, text/plain)
2019-04-26 08:56 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-04-26 08:54:42 UTC 
CVE-2019-11505

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a
heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which
allows an attacker to cause a denial of service or possibly have unspecified
other impact via a crafted image file. This is related to
MagickBitStreamMSBWrite in magick/bit_stream.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11505
http://www.securityfocus.com/bid/108063
https://sourceforge.net/p/graphicsmagick/bugs/605/
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
Comment 1 Marcus Meissner 2019-04-26 08:56:15 UTC 
Created attachment 803667 [details]
heap-buffer-overflow-WritePDBImage

QA REPRODUCER:

gm convert heap-buffer-overflow-WritePDBImage test.pdb

should not report heap corruption backtrace

(IM not affected I think)
Comment 2 Petr Gajdos 2019-04-29 14:38:48 UTC 
BEFORE

15.0,42.3/GraphicsMagick

$ gm convert heap-buffer-overflow-WritePDBImage out.pdb
*** Error in `gm': free(): invalid pointer: 0x000055a594927f50 ***
gm convert: abort due to signal 6 (SIGABRT) "Abort"...
Aborted (core dumped)
$

12,15/ImageMagick

$ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
convert: improper image header `heap-buffer-overflow-WritePDBImage' @ error/miff.c/ReadMIFFImage/1119.
$

PATCH

GraphicsMagick: referenced in comment 0
ImageMagick: there is a similar commit
https://github.com/ImageMagick/ImageMagick/commit/d19acd3a822624ca35794a725c325ebe6a3e4057

AFTER

15.0,42.3/GraphicsMagick

$ gm convert heap-buffer-overflow-WritePDBImage out.pdb
gm convert: Improper image header (heap-buffer-overflow-WritePDBImage).
$

12,15/ImageMagick

$ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
convert: improper image header `heap-buffer-overflow-WritePDBImage' @ error/miff.c/ReadMIFFImage/1119.
$
[no change]
Comment 3 Petr Gajdos 2019-04-29 14:39:23 UTC 
Will submit for 15.0,42.3/GraphicsMagick and 12,15/ImageMagick.
Comment 4 Swamp Workflow Management 2019-04-30 11:50:29 UTC 
This is an autogenerated message for OBS integration:
This bug (1133501) was mentioned in
https://build.opensuse.org/request/show/699628 15.0 / GraphicsMagick
https://build.opensuse.org/request/show/699629 42.3 / GraphicsMagick
Comment 8 Petr Gajdos 2019-05-02 09:20:29 UTC 
I believe all fixed.
Comment 10 Swamp Workflow Management 2019-05-09 13:10:05 UTC 
openSUSE-SU-2019:1354-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 15.0 (src):    GraphicsMagick-1.3.29-lp150.3.28.1
Comment 11 Swamp Workflow Management 2019-05-09 13:11:13 UTC 
openSUSE-SU-2019:1355-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-135.1
Comment 12 Swamp Workflow Management 2019-05-10 19:19:13 UTC 
SUSE-SU-2019:14043-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1130330,1131317,1132053,1132060,1133204,1133205,1133498,1133501
CVE References: CVE-2019-10650,CVE-2019-11007,CVE-2019-11009,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-9956
Sources used:
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-05-22 22:09:55 UTC 
openSUSE-SU-2019:1437-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Backports SLE-15 (src):    GraphicsMagick-1.3.29-bp150.2.21.1
Comment 17 Swamp Workflow Management 2019-05-28 13:31:31 UTC 
This is an autogenerated message for OBS integration:
This bug (1133501) was mentioned in
https://build.opensuse.org/request/show/705902 15.1 / GraphicsMagick
Comment 19 Swamp Workflow Management 2019-06-17 19:16:34 UTC 
SUSE-SU-2019:1523-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1136183,1136732
CVE References: CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11598
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.61.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2019-06-24 13:27:52 UTC 
openSUSE-SU-2019:1603-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1136183,1136732
CVE References: CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11598
Sources used:
openSUSE Leap 15.1 (src):    ImageMagick-7.0.7.34-lp151.7.3.1
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.32.1
Comment 23 Petr Gajdos 2019-06-24 19:38:06 UTC 
(In reply to Petr Gajdos from comment #2)
> 12,15/ImageMagick
> 
> $ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
> convert: improper image header `heap-buffer-overflow-WritePDBImage' @
> error/miff.c/ReadMIFFImage/1119.
> $
[...]
> 12,15/ImageMagick
> 
> $ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
> convert: improper image header `heap-buffer-overflow-WritePDBImage' @
> error/miff.c/ReadMIFFImage/1119.
> $
> [no change]

QA: I hope that from above it is clear that for ImageMagick the output before and after is the same.
Comment 24 Swamp Workflow Management 2019-06-25 19:12:26 UTC 
SUSE-SU-2019:1712-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2019-07-01 16:14:30 UTC 
openSUSE-SU-2019:1683-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-85.1
Comment 26 Marcus Meissner 2019-07-10 05:36:44 UTC 
released
First Last Prev Next    This bug is not in your last search results.