Bug 1082348 - (CVE-2017-12693) VUL-0: CVE-2017-12693: ImageMagick: The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/200684/
Reported: 2018-02-22 16:36 UTC by Victor Pereira
Modified: 2018-04-06 22:39 UTC
Found By: Security Response Team
Description Victor Pereira 2018-02-22 16:36:13 UTC
CVE-2017-12693

The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote
attackers to cause a denial of service (memory consumption) via a crafted BMP
file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12693
Comment 4 Petr Gajdos 2018-02-26 10:35:08 UTC
BEFORE

12/ImageMagick

$ valgrind -q convert oom-ReadBMPImage2 test.png
convert: insufficient image data in file `oom-ReadBMPImage2' @ error/bmp.c/ReadBMPImage/962.
convert: no images defined `test.png' @ error/convert.c/ConvertImageCommand/3149.
$

[valgrind run takes approx. 0.75s]

11/ImageMagick

$ valgrind -q convert oom-ReadBMPImage2 test.png
convert: Insufficient image data in file `oom-ReadBMPImage2'.
convert: missing an image filename `test.png'.
$

[valgrind run takes approx. 4s]

11/GraphicsMagick

$ time gm convert oom-ReadBMPImage2 test.png         
gm convert: Unexpected end-of-file (oom-ReadBMPImage2).

real	0m5.491s
user	0m4.906s
sys	0m0.584s
$
[cpu 100% and up to 30% memory on my system]

42.3/GraphicsMagick

time gm convert oom-ReadBMPImage2 test.png
gm convert: Insufficient image data in file (oom-ReadBMPImage2).

real	0m0.004s
user	0m0.000s
sys	0m0.003s
$
[no issue observed]

PATCH

see comment 3


AFTER

12/ImageMagick

$ convert oom-ReadBMPImage2 test.png
convert: insufficient image data in file `oom-ReadBMPImage2' @ error/bmp.c/ReadBMPImage/947.
convert: no images defined `test.png' @ error/convert.c/ConvertImageCommand/3149.
$
[fails sooner, on line 947]

11/ImageMagick

$ valgrind -q convert oom-ReadBMPImage2 test.png
convert: Insufficient image data in file `oom-ReadBMPImage2'.
convert: missing an image filename `test.png'.
$
[valgrind run takes 0.84s]

11/GraphicsMagick

$ time gm convert oom-ReadBMPImage2 test.png
gm convert: Insufficient image data in file (oom-ReadBMPImage2).

real	0m0.003s
user	0m0.003s
sys	0m0.000s
$
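
The BEFORE/AFTER check in comment 4 can be scripted as a regression guard. This is an added example, not part of the original bug report: a shell function that runs a converter on the reproducer under a wall-clock budget and an address-space cap and classifies the outcome. The name `check_bounded`, the 2-second budget and the 1 GiB cap are assumptions, and it relies on coreutils `timeout`.

```shell
#!/bin/sh
# Added example (not from the bug report): classify how a converter handles a
# reproducer when run under a wall-clock budget and an address-space cap.
# Usage: check_bounded SECONDS MEM_KB COMMAND [ARGS...]
# Prints one verdict: accepted | rejected-fast | timeout | killed | not-run
check_bounded() {
    budget_s=$1
    mem_kb=$2
    shift 2
    rc=0
    # Subshell: the ulimit applies only to the command under test.
    (
        ulimit -v "$mem_kb" 2>/dev/null || :
        exec timeout "$budget_s" "$@"
    ) >/dev/null 2>&1 || rc=$?
    case $rc in
        0)           echo accepted ;;       # input was processed
        124)         echo timeout ;;        # still running at the deadline
        126|127)     echo not-run ;;        # command missing or not executable
        134|137|139) echo killed ;;         # SIGABRT, SIGKILL or SIGSEGV
        *)           echo rejected-fast ;;  # error exit within the budget
    esac
}

# With the page's reproducer (thresholds are assumptions):
#   check_bounded 2 1048576 convert oom-ReadBMPImage2 test.png
#   check_bounded 2 1048576 gm convert oom-ReadBMPImage2 test.png
# Expected on a patched build: rejected-fast.

# Constructed stand-ins so the script runs without ImageMagick installed:
check_bounded 5 1048576 sh -c 'exit 1'   # clean error exit
check_bounded 1 1048576 sleep 3          # still busy at the deadline
```

An allocation refused by the cap usually surfaces as an ordinary error exit, so the time budget is what separates a slow, memory-hungry run from a quick rejection.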
Comment 5 Petr Gajdos 2018-02-26 10:35:31 UTC
Will submit for: 12/ImageMagick, 11/ImageMagick and 11/GraphicsMagick.
Comment 6 Petr Gajdos 2018-02-28 14:58:09 UTC
I believe all fixed.
Comment 13 Swamp Workflow Management 2018-04-03 13:09:17 UTC
SUSE-SU-2018:0857-1: An update that fixes 17 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011
CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.47.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-71.47.1
Comment 14 Swamp Workflow Management 2018-04-03 19:12:13 UTC
SUSE-SU-2018:0864-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1050087,1058630,1059735,1066168,1066170,1082283,1082291,1082348,1084060,1084062,1085233
CVE References: CVE-2017-11524,CVE-2017-12691,CVE-2017-12693,CVE-2017-14314,CVE-2017-14343,CVE-2017-14505,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18219,CVE-2017-18220,CVE-2017-18230
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.44.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.44.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.44.1
Comment 15 Swamp Workflow Management 2018-04-05 19:12:29 UTC
SUSE-SU-2018:0880-1: An update that fixes 16 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043290,1050087,1056434,1058630,1059735,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1084060,1086011
CVE References: CVE-2017-11524,CVE-2017-12691,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14343,CVE-2017-14505,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18219,CVE-2017-9500,CVE-2018-7443,CVE-2018-8804
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.40.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.40.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.40.1
Comment 16 Andreas Stieger 2018-04-06 16:54:31 UTC
releasing for Leap, closing as done
Comment 17 Swamp Workflow Management 2018-04-06 22:09:00 UTC
openSUSE-SU-2018:0893-1: An update that fixes 17 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011
CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-58.1