Bug 1048110 – VUL-1: CVE-2017-11166: ImageMagick: In ReadXWDImage in coders\xwd.c a memoryleak can cause memory exhaustion via a crafted length

Bug 1048110 - (CVE-2017-11166) VUL-1: CVE-2017-11166: ImageMagick: In ReadXWDImage in coders\xwd.c a memoryleak can cause memory exhaustion via a crafted length

(CVE-2017-11166)
Summary:	VUL-1: CVE-2017-11166: ImageMagick: In ReadXWDImage in coders\xwd.c a memoryl...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/188258/
Whiteboard:	CVSSv3:SUSE:CVE-2017-11166:7.5:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-07-11 06:33 UTC by Johannes Segitz
Modified:	2018-03-06 23:44 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Reproducer (197 bytes, image/x-xwindowdump) 2017-07-11 06:33 UTC, Johannes Segitz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2017-07-11 06:33:14 UTC

CVE-2017-11166

The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory
leak vulnerability that can cause memory exhaustion via a crafted length (number
of color-map entries) field in the header of an XWD file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11166
https://github.com/ImageMagick/ImageMagick/issues/471

Comment 1 Johannes Segitz 2017-07-11 06:33:39 UTC

Created attachment 731883 [details]
Reproducer

Comment 2 Petr Gajdos 2018-02-13 12:44:58 UTC

Seems to be similar to bug 1048272.

Comment 3 Petr Gajdos 2018-02-13 13:09:31 UTC

BEFORE

12/ImageMagick

$ identify ImageMagick-7.0.5-6-memory-exhaustion.XWD 
048110: memory allocation failed `ImageMagick-7.0.5-6-memory-exhaustion.XWD' @ error/xwd.c/ReadXWDImage/330.
$

11/ImageMagick

$ identify ImageMagick-7.0.5-6-memory-exhaustion.XWD 
identify: Memory allocation failed `ImageMagick-7.0.5-6-memory-exhaustion.XWD'.
$

11/GraphicsMagick

$ gm identify ImageMagick-7.0.5-6-memory-exhaustion.XWD 
gm identify: Memory allocation failed (ImageMagick-7.0.5-6-memory-exhaustion.XWD) [Cannot allocate memory].
$

42.3/GraphicsMagick

$ gm identify ImageMagick-7.0.5-6-memory-exhaustion.XWD 
ImageMagick-7.0.5-6-memory-exhaustion.XWD XWD 8x4+0+0 DirectClass 8-bit 197 0.000u 0m:0.000003s
$

[no issues observed]

PATCH

11/GraphicsMagick and 42.3/GraphicsMagick have already the code

AFTER

12/ImageMagick

$ valgrind -q identify ImageMagick-7.0.5-6-memory-exhaustion.XWD
identify: memory allocation failed `ImageMagick-7.0.5-6-memory-exhaustion.XWD' @ error/xwd.c/ReadXWDImage/332.
$

11/ImageMagick

$ valgrind -q identify ImageMagick-7.0.5-6-memory-exhaustion.XWD
identify: Memory allocation failed `ImageMagick-7.0.5-6-memory-exhaustion.XWD'.
$

[no change]

Comment 4 Petr Gajdos 2018-02-13 13:09:47 UTC

Will submit for: 12/ImageMagick and 11/ImageMagick

Comment 5 Petr Gajdos 2018-02-16 19:16:35 UTC

Packages submitted.

Comment 7 Swamp Workflow Management 2018-02-20 14:08:13 UTC

SUSE-SU-2018:0486-1: An update that fixes 24 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1048110,1049374,1049375,1050048,1050617,1050669,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052761,1055069,1055229,1058009,1074119,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11448,CVE-2017-11450,CVE-2017-11537,CVE-2017-11637,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14224,CVE-2017-17885,CVE-2017-18028,CVE-2017-9407,CVE-2018-6405
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.34.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.34.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.34.1

Comment 8 Swamp Workflow Management 2018-03-01 20:15:00 UTC

SUSE-SU-2018:0581-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1042911,1048110,1048272,1049374,1049375,1050048,1050119,1050122,1050126,1050132,1050617,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052754,1052761,1055069,1055229,1056768,1057163,1058009,1072898,1074119,1074170,1075821,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11170,CVE-2017-11448,CVE-2017-11450,CVE-2017-11528,CVE-2017-11530,CVE-2017-11531,CVE-2017-11533,CVE-2017-11537,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12663,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14060,CVE-2017-14139,CVE-2017-14224,CVE-2017-17682,CVE-2017-17885,CVE-2017-17934,CVE-2017-18028,CVE-2017-9405,CVE-2017-9407,CVE-2018-5357,CVE-2018-6405
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1

Comment 9 Andreas Stieger 2018-03-06 19:44:22 UTC

Releasing for Leap, showing as done otherwise

Comment 10 Swamp Workflow Management 2018-03-06 23:13:51 UTC

openSUSE-SU-2018:0621-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1042911,1048110,1048272,1049374,1049375,1050048,1050119,1050122,1050126,1050132,1050617,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052754,1052761,1055069,1055229,1056768,1057163,1058009,1072898,1074119,1074170,1075821,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11170,CVE-2017-11448,CVE-2017-11450,CVE-2017-11528,CVE-2017-11530,CVE-2017-11531,CVE-2017-11533,CVE-2017-11537,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12663,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14060,CVE-2017-14139,CVE-2017-14224,CVE-2017-17682,CVE-2017-17885,CVE-2017-17934,CVE-2017-18028,CVE-2017-9405,CVE-2017-9407,CVE-2018-5357,CVE-2018-6405
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-55.1