Bug 1212234 (CVE-2023-34475) - VUL-0: CVE-2023-34475: GraphicsMagick,ImageMagick: heap use-after-free issue in ReplaceXmpValue
Summary: VUL-0: CVE-2023-34475: GraphicsMagick,ImageMagick: heap use-after-free issue ...
Status: RESOLVED FIXED
Alias: CVE-2023-34475
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/369045/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-12 12:06 UTC by Gianluca Gabrielli
Modified: 2023-10-17 15:40 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2023-06-12 12:06:07 UTC 
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could pass specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34475
https://bugzilla.redhat.com/show_bug.cgi?id=2214149
Comment 1 Gianluca Gabrielli 2023-06-12 12:06:53 UTC 
Only Factory is affected.
Comment 2 Petr Gajdos 2023-06-15 09:11:17 UTC 
Thanks.

According to upstream change log it was fixed in 7.1.1-10, which is already in Factory. I will submit rpm change log additional note.
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-10---2023-05-21
Comment 3 Petr Gajdos 2023-06-15 10:03:25 UTC 
Submitted for Factory.

I believe all fixed.
Comment 4 OBSbugzilla Bot 2023-06-15 10:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1212234) was mentioned in
https://build.opensuse.org/request/show/1093259 Factory / ImageMagick