Bugzilla – Bug 1056434
VUL-2: CVE-2017-13768: ImageMagick: denial of service issue in function IdentifyImage in MagickCore/identify.c
Last modified: 2018-04-06 22:38:56 UTC
CVE-2017-13768 Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13768
Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/706 Upstream fix: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
NULL ptr abort, not exploitable as far as I see.
No testcase.
12/ImageMagick: affected 11/ImageMagick: affected 11/GraphicsMagick: code not found 42.3/GrahicsMagick: code not found
Will submit for 12/ImageMagick and 11/ImageMagick.
I believe all fixed.
SUSE-SU-2018:0857-1: An update that fixes 17 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011 CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Workstation Extension 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Desktop 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
SUSE-SU-2018:0880-1: An update that fixes 16 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1084060,1086011 CVE References: CVE-2017-11524,CVE-2017-12691,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14343,CVE-2017-14505,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18219,CVE-2017-9500,CVE-2018-7443,CVE-2018-8804 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1 SUSE Linux Enterprise Server 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1
releasing for Leap, closing as done
openSUSE-SU-2018:0893-1: An update that fixes 17 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011 CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804 Sources used: openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-58.1