Bugzilla – Bug 1179202
VUL-0: CVE-2020-25664: ImageMagick: heap-based buffer overflow in PopShortPixel
Last modified: 2021-01-27 16:25:42 UTC
CVE-2020-25664 In ImageMagick, there is a heap-buffer-overflow at MagickCore/quantum-private.h:227:12 in PopShortPixel. Reference: https://github.com/ImageMagick/ImageMagick/issues/1716 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/1f450bb5ba53d275de6d1cd086c98a0b549ad393 References: https://bugzilla.redhat.com/show_bug.cgi?id=1891605 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25664
The POC provided by upstream seems currently unavailable. By source review it seems that only the call to AcquireVirtualMemory() exists. Still this might trigger the vulnerability and should be fixed. Tracked SLE15-SP2,SLE15 and SLE12 as affected.
The fix for CVE-2020-27752 bsc#1179346 extends this fix.
ImageMagick6 commit https://github.com/ImageMagick/ImageMagick6/commit/27d3ddedb73f63fa984ff5b4d66e07eef654070f
I have added also the missing memset.
Will submit for 15sp2,15,12,11/ImageMagick.
See bug 1179346, comment 4.
Packages submitted. I believe all fixed.
SUSE-SU-2021:0153-1: An update that fixes 34 vulnerabilities is now available. Category: security (moderate) Bug References: 1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): ImageMagick-7.0.7.34-10.9.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): ImageMagick-7.0.7.34-10.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14598-1: An update that fixes 19 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179212,1179269,1179281,1179311,1179312,1179313,1179315,1179321,1179322,1179327,1179336,1179338,1179339,1179345,1179346,1179347,1179397 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25666,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27763,CVE-2020-27765,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27771,CVE-2020-27772,CVE-2020-27775 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): ImageMagick-6.4.3.6-78.135.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): ImageMagick-6.4.3.6-78.135.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-78.135.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): ImageMagick-6.4.3.6-78.135.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0156-1: An update that fixes 35 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: SUSE Manager Server 4.0 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Manager Retail Branch Server 4.0 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Manager Proxy 4.0 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server for SAP 15 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Server 15-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): ImageMagick-7.0.7.34-3.90.1 SUSE Enterprise Storage 6 (src): ImageMagick-7.0.7.34-3.90.1 SUSE CaaS Platform 4.0 (src): ImageMagick-7.0.7.34-3.90.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0136-1: An update that fixes 35 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: openSUSE Leap 15.2 (src): ImageMagick-7.0.7.34-lp152.12.9.1
SUSE-SU-2021:0199-1: An update that fixes 32 vulnerabilities is now available. Category: security (important) Bug References: 1179103,1179202,1179208,1179212,1179223,1179240,1179244,1179260,1179268,1179269,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27757,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud Crowbar 8 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud 9 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud 8 (src): ImageMagick-6.8.8.1-71.154.1 SUSE OpenStack Cloud 7 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Workstation Extension 12-SP5 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP5 (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): ImageMagick-6.8.8.1-71.154.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): ImageMagick-6.8.8.1-71.154.1 SUSE Enterprise Storage 5 (src): ImageMagick-6.8.8.1-71.154.1 HPE Helion Openstack 8 (src): ImageMagick-6.8.8.1-71.154.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0148-1: An update that fixes 35 vulnerabilities is now available. Category: security (moderate) Bug References: 1179103,1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753 CVE References: CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 JIRA References: Sources used: openSUSE Leap 15.1 (src): ImageMagick-7.0.7.34-lp151.7.26.1
DONE