Bug 1017309 - (CVE-2016-10047) VUL-0: CVE-2016-10047: ImageMagick: Memory leak in XML file traversal
Status: RESOLVED WORKSFORME
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Minor
Assigned To: Petr Gajdos
Security Team bot
https://smash.suse.de/issue/178103/
CVSSv2:SUSE:CVE-2016-10047:4.3:(AV:N/...
Reported: 2016-12-27 09:21 UTC by Johannes Segitz
Modified: 2017-01-26 18:08 UTC

Found By: Security Response Team
Description Johannes Segitz 2016-12-27 09:21:21 UTC
Debian bug: https://bugs.debian.org/833732
Reference URL: https://security-tracker.debian.org/833732
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
Upstream issue: N/A
Upstream version fixed: 6.9.4-7

Use CVE-2016-10047.

Looks like no SUSE codestream is affected.
Comment 1 Swamp Workflow Management 2016-12-27 23:00:40 UTC
bugbot adjusting priority
Comment 2 Petr Gajdos 2017-01-26 11:49:27 UTC
(In reply to Johannes Segitz from comment #0)
> Looks like no SUSE codestream is affected.

I tend to agree. ParseOpenTag() is called unconditionally.
Comment 3 Petr Gajdos 2017-01-26 11:50:06 UTC
.