Bug 1020433 - (CVE-2016-10144) VUL-0: CVE-2016-10144: Imagemagick: coders/ipl.c: "ipl file missing malloc check"
(CVE-2016-10144)
VUL-0: CVE-2016-10144: Imagemagick: coders/ipl.c: "ipl file missing malloc ch...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: unspecified
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2016-10144:2.6:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-17 17:05 UTC by Mikhail Kasimov
Modified: 2017-05-19 06:36 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2017-01-17 17:05:12 UTC
Ref: http://seclists.org/oss-sec/2017/q1/110
============================================
coders/ipl.c: "ipl file missing malloc check"

Debian Bug: https://bugs.debian.org/851485

Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
============================================
Comment 1 Swamp Workflow Management 2017-01-17 23:01:02 UTC
bugbot adjusting priority
Comment 2 Petr Gajdos 2017-01-18 10:30:23 UTC
Testcase not found.
Comment 3 Petr Gajdos 2017-01-18 11:38:29 UTC
GraphicsMagick does not have ipl decoder, not affected.

11/ImageMagick, 12/ImageMagick affected.
Comment 4 Petr Gajdos 2017-01-27 11:04:51 UTC
Packages submitted, I believe all fixed.
Comment 6 Swamp Workflow Management 2017-02-21 14:10:34 UTC
SUSE-SU-2017:0529-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1017308,1017310,1017311,1017312,1017313,1017314,1017318,1017319,1017320,1017321,1017322,1017324,1017325,1017326,1017421,1020433,1020435,1020436,1020439,1020441,1020443,1020446,1020448
CVE References: CVE-2016-10046,CVE-2016-10048,CVE-2016-10049,CVE-2016-10050,CVE-2016-10051,CVE-2016-10052,CVE-2016-10059,CVE-2016-10060,CVE-2016-10061,CVE-2016-10062,CVE-2016-10063,CVE-2016-10064,CVE-2016-10065,CVE-2016-10068,CVE-2016-10069,CVE-2016-10070,CVE-2016-10071,CVE-2016-10144,CVE-2016-10145,CVE-2016-10146,CVE-2017-5506,CVE-2017-5507,CVE-2017-5508,CVE-2017-5510,CVE-2017-5511
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Server 12-SP1 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-59.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ImageMagick-6.8.8.1-59.1
Comment 7 Swamp Workflow Management 2017-03-01 20:11:40 UTC
SUSE-SU-2017:0586-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1017308,1017310,1017311,1017312,1017313,1017314,1017318,1017319,1017320,1017321,1017322,1017324,1017326,1017421,1020433,1020435,1020436,1020439,1020441,1020443,1020448
CVE References: CVE-2016-10046,CVE-2016-10048,CVE-2016-10049,CVE-2016-10050,CVE-2016-10051,CVE-2016-10052,CVE-2016-10059,CVE-2016-10060,CVE-2016-10063,CVE-2016-10064,CVE-2016-10065,CVE-2016-10068,CVE-2016-10070,CVE-2016-10071,CVE-2016-10144,CVE-2016-10145,CVE-2016-10146,CVE-2017-5506,CVE-2017-5507,CVE-2017-5508,CVE-2017-5511
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.65.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.65.1
Comment 8 Swamp Workflow Management 2017-03-02 14:10:45 UTC
openSUSE-SU-2017:0587-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1017308,1017310,1017311,1017312,1017313,1017314,1017318,1017319,1017320,1017321,1017322,1017324,1017325,1017326,1017421,1020433,1020435,1020436,1020439,1020441,1020443,1020446,1020448
CVE References: CVE-2016-10046,CVE-2016-10048,CVE-2016-10049,CVE-2016-10050,CVE-2016-10051,CVE-2016-10052,CVE-2016-10059,CVE-2016-10060,CVE-2016-10061,CVE-2016-10062,CVE-2016-10063,CVE-2016-10064,CVE-2016-10065,CVE-2016-10068,CVE-2016-10069,CVE-2016-10070,CVE-2016-10071,CVE-2016-10144,CVE-2016-10145,CVE-2016-10146,CVE-2017-5506,CVE-2017-5507,CVE-2017-5508,CVE-2017-5510,CVE-2017-5511
Sources used:
openSUSE Leap 42.2 (src):    ImageMagick-6.8.8.1-28.1
openSUSE Leap 42.1 (src):    ImageMagick-6.8.8.1-30.1
Comment 9 Victor Pereira 2017-05-19 06:24:58 UTC
fixed and released