Bug 1048936 - (CVE-2017-11352) VUL-0: CVE-2017-11352: GraphicsMagick,ImageMagick: A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assigned To: Petr Gajdos
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/188571/
Whiteboard: CVSSv2:SUSE:CVE-2017-11352:7.1:(AV:N/...
Reported: 2017-07-17 10:59 UTC by Johannes Segitz
Modified: 2018-07-04 14:37 UTC

Found By: Security Response Team
Description Johannes Segitz 2017-07-17 10:59:04 UTC
CVE-2017-11352

In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash
because of incorrect EOF handling in coders/rle.c. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2017-9144.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11352
http://seclists.org/oss-sec/2017/q3/172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11352
https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373
https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23
Comment 1 Marcus Meissner 2017-09-27 14:53:40 UTC
hm. the operand=EOF (-1) can be misused later to an integer overflow,
and EOF (-1) is even cast to size_t.
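
The point raised in Comment 1, shown as an added example that is not part of the bug report and is not the code from coders/rle.c: a byte reader's EOF (-1) used as a run operand wraps when cast to size_t, so an additive bounds check accepts it, while testing for EOF first and bounding by division rejects it. The `Reader` type, the function names, and the offset, plane count and buffer size are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical in-memory reader; all names and values here are constructed. */
typedef struct { const unsigned char *data; size_t len, pos; } Reader;

/* Same contract as fgetc(): a byte value 0..255, or EOF (-1) at end of input. */
static int read_byte(Reader *r) {
    return r->pos < r->len ? (int) r->data[r->pos++] : EOF;
}

/* Unchecked pattern: returns 1 when the run is accepted as fitting the buffer. */
static int run_fits_unchecked(Reader *r, size_t offset, size_t planes, size_t buf_len) {
    int operand = read_byte(r);   /* EOF is never tested */
    /* (size_t) -1 is SIZE_MAX, so the multiply and add wrap to a small value. */
    return offset + (size_t) operand * planes <= buf_len;
}

/* Hardened: 1 = fits, 0 = does not fit, -1 = truncated input. */
static int run_fits_checked(Reader *r, size_t offset, size_t planes, size_t buf_len) {
    int operand = read_byte(r);
    if (operand == EOF)
        return -1;                /* reject before any cast or arithmetic */
    if (planes == 0 || offset > buf_len)
        return 0;
    /* Division form of the bound cannot overflow. */
    return (size_t) operand <= (buf_len - offset) / planes;
}

/* Constructed samples: a one-byte run operand, and an oversized one. */
static const unsigned char SAMPLE_RUN[] = { 0x05 };
static const unsigned char LONG_RUN[] = { 0xFF };

/* Runs either check with offset 10, 3 planes and a 64-byte pixel buffer. */
static int check_sample(int hardened, const unsigned char *data, size_t len) {
    Reader r = { data, len, 0 };
    return hardened ? run_fits_checked(&r, 10, 3, 64)
                    : run_fits_unchecked(&r, 10, 3, 64);
}

int main(void) {
    printf("truncated: unchecked=%d checked=%d\n",
           check_sample(0, SAMPLE_RUN, 0), check_sample(1, SAMPLE_RUN, 0));
    printf("complete:  unchecked=%d checked=%d\n",
           check_sample(0, SAMPLE_RUN, 1), check_sample(1, SAMPLE_RUN, 1));
    printf("too long:  unchecked=%d checked=%d\n",
           check_sample(0, LONG_RUN, 1), check_sample(1, LONG_RUN, 1));
    return 0;
}
```

On truncated input the unchecked form reports the run as fitting because 10 + SIZE_MAX * 3 wraps to 7, which is below the 64-byte limit.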
Comment 3 Petr Gajdos 2017-12-05 17:31:24 UTC
This is my upstream report and I am almost sure I ported it correctly. See CVE-2017-9144, bug 1040332.