First Last Prev Next    This bug is not in your last search results.
Bug 1055214 - (CVE-2017-13134) VUL-0: CVE-2017-13134: GraphicsMagick,ImageMagick: In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file.
(CVE-2017-13134)
VUL-0: CVE-2017-13134: GraphicsMagick,ImageMagick: In ImageMagick 7.0.6-6, a ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/190909/
CVSSv2:SUSE:CVE-2017-13134:5.0:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-23 10:01 UTC by Marcus Meissner
Modified: 2018-02-12 08:27 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
heap_buffer_overflow_in_SFWScan (1.50 KB, application/octet-stream)
2017-08-23 10:02 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-08-23 10:01:08 UTC 
CVE-2017-13134

In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the
function SFWScan in coders/sfw.c, which allows attackers to cause a
denial of service via a crafted file.


https://github.com/ImageMagick/ImageMagick/issues/670
Comment 1 Marcus Meissner 2017-08-23 10:02:04 UTC 
Created attachment 737959 [details]
heap_buffer_overflow_in_SFWScan

QA REPRODUCER:

valgrind identify heap_buffer_overflow_in_SFWScan

for imagemagick

valgrind gm identify heap_buffer_overflow_in_SFWScan

for graphicsmagick

should not show invalid reads.
Comment 2 Marcus Meissner 2017-08-23 10:03:06 UTC 
its not crashing, so mostly an information leak due to the overread.
Comment 3 Petr Gajdos 2017-11-06 15:14:28 UTC 
BEFORE

12/ImageMagick

$ valgrind -q identify heap_buffer_overflow_in_SFWScan 
==1191== Conditional jump or move depends on uninitialised value(s)
==1191==    at 0x84185F7: SFWScan (sfw.c:134)
==1191==    by 0x84185F7: ReadSFWImage (sfw.c:272)
==1191==    by 0x4EBF2BA: ReadImage (constitute.c:601)
==1191==    by 0x4FD0B68: ReadStream (stream.c:974)
==1191==    by 0x4EBEE00: PingImage (constitute.c:278)
==1191==    by 0x4EBF03A: PingImages (constitute.c:373)
==1191==    by 0x535852B: IdentifyImageCommand (identify.c:322)
==1191==    by 0x5385C72: MagickCommandGenesis (mogrify.c:166)
==1191==    by 0x400971: IdentifyMain (identify.c:80)
==1191==    by 0x400971: main (identify.c:93)
==1191== 
identify: improper image header `heap_buffer_overflow_in_SFWScan' @ error/sfw.c/ReadSFWImage/277.
$

11/ImageMagick
$ valgrind -q identify heap_buffer_overflow_in_SFWScan 
==12171== Conditional jump or move depends on uninitialised value(s)
==12171==    at 0x9F086FB: ReadSFWImage (sfw.c:136)
==12171==    by 0x4E94D87: ReadImage (constitute.c:441)
==12171==    by 0x52D0C14: IdentifyImageCommand (identify.c:297)
==12171==    by 0x400DA7: main (identify.c:101)
identify: Improper image header `heap_buffer_overflow_in_SFWScan'.
$

GraphicsMagick

$ valgrind -q gm identify heap_buffer_overflow_in_SFWScan
==2638== Conditional jump or move depends on uninitialised value(s)
==2638==    at 0x79CC359: SFWScan (sfw.c:128)
==2638==    by 0x79CC359: ReadSFWImage (sfw.c:271)
==2638==    by 0x4EC0F07: ReadImage (constitute.c:1607)
==2638==    by 0x4EC1D21: PingImage (constitute.c:1370)
==2638==    by 0x4E8DF4C: IdentifyImageCommand (command.c:8375)
==2638==    by 0x4E8F894: MagickCommand (command.c:8865)
==2638==    by 0x4E909AD: GMCommandSingle (command.c:17379)
==2638==    by 0x4EB40BD: GMCommand (command.c:17432)
==2638==    by 0x54436E4: (below main) (in /lib64/libc-2.22.so)
==2638== 
gm identify: Improper image header (heap_buffer_overflow_in_SFWScan).
gm identify: Request did not return an image.
$

PATCH

https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904

AFTER

ImageMagick

$ valgrind -q identify heap_buffer_overflow_in_SFWScan 
identify: improper image header `heap_buffer_overflow_in_SFWScan' @ error/sfw.c/ReadSFWImage/276.
$

GraphicsMagick
Comment 4 Petr Gajdos 2017-11-07 15:58:34 UTC 
I believe all fixed.
Comment 6 Bernhard Wiedemann 2017-11-07 17:00:44 UTC 
This is an autogenerated message for OBS integration:
This bug (1055214) was mentioned in
https://build.opensuse.org/request/show/539605 42.2 / GraphicsMagick
https://build.opensuse.org/request/show/539606 42.3 / GraphicsMagick
Comment 7 Swamp Workflow Management 2017-11-15 14:08:28 UTC 
openSUSE-SU-2017:3020-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1054757,1055214,1056426,1056429,1057508,1066003
CVE References: CVE-2017-12983,CVE-2017-13134,CVE-2017-13776,CVE-2017-13777,CVE-2017-14165,CVE-2017-15930
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-39.1
openSUSE Leap 42.2 (src):    GraphicsMagick-1.3.25-11.39.1
Comment 10 Swamp Workflow Management 2017-12-20 17:11:25 UTC 
SUSE-SU-2017:3378-1: An update that fixes 26 vulnerabilities is now available.

Category: security (important)
Bug References: 1048457,1049796,1050116,1050139,1050632,1051441,1051847,1052450,1052553,1052689,1052758,1052764,1054757,1055214,1056432,1057719,1057729,1057730,1058485,1058637,1059666,1059778,1060577,1066003,1067181,1067184
CVE References: CVE-2017-11188,CVE-2017-11478,CVE-2017-11527,CVE-2017-11535,CVE-2017-11640,CVE-2017-11752,CVE-2017-12140,CVE-2017-12435,CVE-2017-12587,CVE-2017-12644,CVE-2017-12662,CVE-2017-12669,CVE-2017-12983,CVE-2017-13134,CVE-2017-13769,CVE-2017-14172,CVE-2017-14173,CVE-2017-14175,CVE-2017-14341,CVE-2017-14342,CVE-2017-14531,CVE-2017-14607,CVE-2017-14733,CVE-2017-15930,CVE-2017-16545,CVE-2017-16546
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.14.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.78.14.1
Comment 11 Swamp Workflow Management 2017-12-20 17:38:32 UTC 
SUSE-SU-2017:3388-1: An update that solves 32 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1048457,1049796,1050083,1050116,1050139,1050632,1051441,1051847,1052450,1052553,1052689,1052744,1052758,1052764,1054757,1055214,1056432,1057157,1057719,1057729,1057730,1058485,1058637,1059666,1059778,1060176,1060577,1061254,1062750,1066003,1067181,1067184,1067409
CVE References: CVE-2017-11188,CVE-2017-11478,CVE-2017-11523,CVE-2017-11527,CVE-2017-11535,CVE-2017-11640,CVE-2017-11752,CVE-2017-12140,CVE-2017-12435,CVE-2017-12587,CVE-2017-12644,CVE-2017-12662,CVE-2017-12669,CVE-2017-12983,CVE-2017-13134,CVE-2017-13769,CVE-2017-14138,CVE-2017-14172,CVE-2017-14173,CVE-2017-14175,CVE-2017-14341,CVE-2017-14342,CVE-2017-14531,CVE-2017-14607,CVE-2017-14682,CVE-2017-14733,CVE-2017-14989,CVE-2017-15217,CVE-2017-15930,CVE-2017-16545,CVE-2017-16546,CVE-2017-16669
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.17.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-71.17.1
Comment 12 Swamp Workflow Management 2017-12-22 20:14:10 UTC 
openSUSE-SU-2017:3420-1: An update that solves 32 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1048457,1049796,1050083,1050116,1050139,1050632,1051441,1051847,1052450,1052553,1052689,1052744,1052758,1052764,1054757,1055214,1056432,1057157,1057719,1057729,1057730,1058485,1058637,1059666,1059778,1060176,1060577,1061254,1062750,1066003,1067181,1067184,1067409
CVE References: CVE-2017-11188,CVE-2017-11478,CVE-2017-11523,CVE-2017-11527,CVE-2017-11535,CVE-2017-11640,CVE-2017-11752,CVE-2017-12140,CVE-2017-12435,CVE-2017-12587,CVE-2017-12644,CVE-2017-12662,CVE-2017-12669,CVE-2017-12983,CVE-2017-13134,CVE-2017-13769,CVE-2017-14138,CVE-2017-14172,CVE-2017-14173,CVE-2017-14175,CVE-2017-14341,CVE-2017-14342,CVE-2017-14531,CVE-2017-14607,CVE-2017-14682,CVE-2017-14733,CVE-2017-14989,CVE-2017-15217,CVE-2017-15930,CVE-2017-16545,CVE-2017-16546,CVE-2017-16669
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-40.1
openSUSE Leap 42.2 (src):    ImageMagick-6.8.8.1-30.12.1
Comment 13 Swamp Workflow Management 2017-12-27 14:09:08 UTC 
SUSE-SU-2017:3435-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1050632,1052450,1054757,1055214,1056426,1056429,1057508,1058485,1058637,1066003,1067181,1067184,1067409
CVE References: CVE-2016-7996,CVE-2017-11640,CVE-2017-12587,CVE-2017-12983,CVE-2017-13134,CVE-2017-13776,CVE-2017-13777,CVE-2017-14165,CVE-2017-14341,CVE-2017-14342,CVE-2017-15930,CVE-2017-16545,CVE-2017-16546,CVE-2017-16669
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.78.19.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.19.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.78.19.1
Comment 14 Marcus Meissner 2018-02-12 08:27:16 UTC 
released
First Last Prev Next    This bug is not in your last search results.