Bug 1214074 (CVE-2023-39978) - VUL-0: CVE-2023-39978: ImageMagick,GraphicsMagick: denial of service (memory consumption) in Magick:Draw
Status: RESOLVED INVALID
Alias: CVE-2023-39978
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/374464/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-39978:3.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-08-08 13:35 UTC by Robert Frohl
Modified: 2023-08-24 11:35 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 1 Robert Frohl 2023-08-08 13:57:20 UTC
Looks to be introduced with 6.9.12-78 or https://github.com/ImageMagick/ImageMagick6/commit/e8c0090c6d2df7b1553053dca2008e96724204bf
Comment 2 Robert Frohl 2023-08-08 13:58:39 UTC
@Petr: Is there a bug tracker that could help confirm this?
Comment 4 Petr Gajdos 2023-08-24 10:09:29 UTC
Thank you Robert for the research. Even if I cannot reproduce with the testcase from https://github.com/rmagick/rmagick/issues/1401#issuecomment-1636684139 with valgrind,

https://github.com/rmagick/rmagick/issues/1401#issuecomment-1636684139

confirms your findings. I think we are unaffected, as you suggested.
Comment 5 Robert Frohl 2023-08-24 11:34:52 UTC
Perfect, thank you for confirming.
Comment 6 Robert Frohl 2023-08-24 11:35:10 UTC
closing