Bug 1057163 - (CVE-2017-14139) VUL-1: CVE-2017-14139: GraphicsMagick,ImageMagick: memory leak vulnerability in WriteMSLImage in coders/msl.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other / Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Petr Gajdos
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/191436/
Whiteboard: CVSSv2:SUSE:CVE-2017-14139:5.0:(AV:N/...
Depends on:
Blocks:
Reported: 2017-09-05 07:45 UTC by Alexander Bergmann
Modified: 2019-08-16 15:36 UTC
CC: 5 users
See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (10 bytes, application/x-font-ttf)
2017-09-05 07:48 UTC, Alexander Bergmann

Comment 1 Alexander Bergmann 2017-09-05 07:48:39 UTC
Created attachment 739405
Reproducer

#> valgrind --leak-check=full convert leak-WriteMSLImage out.msl
...
==29942== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)

It is not clear if the reproducer triggered the mentioned problem under SLE.
Comment 2 Marcus Meissner 2017-09-05 14:08:30 UTC
valgrind --leak-check=full convert leak-WriteMSLImage foo.jpg

On Leap this has various leaks reported.
Comment 3 Petr Gajdos 2018-02-16 18:49:32 UTC
I am not sure if other code streams than 12/ImageMagick are affected. For 12/ImageMagick, the patch applies cleanly.

BEFORE

12/ImageMagick

$ valgrind -q --leak-check=full convert leak-WriteMSLImage out.msl
convert: unable to read font `leak-WriteMSLImage' @ error/annotate.c/RenderFreetype/1335.
convert: non-conforming drawing primitive definition `text' @ error/draw.c/DrawImage/3307.
convert: unable to read font `leak-WriteMSLImage' @ error/annotate.c/RenderFreetype/1335.
convert: non-conforming drawing primitive definition `text' @ error/draw.c/DrawImage/3307.
convert: not authorized `out.msl' @ error/constitute.c/WriteImage/1080.
$
[no issues observed]

AFTER

12/ImageMagick

$ valgrind -q --leak-check=full convert leak-WriteMSLImage out.msl
convert: unable to read font `leak-WriteMSLImage' @ error/annotate.c/RenderFreetype/1335.
convert: non-conforming drawing primitive definition `text' @ error/draw.c/DrawImage/3307.
convert: unable to read font `leak-WriteMSLImage' @ error/annotate.c/RenderFreetype/1335.
convert: non-conforming drawing primitive definition `text' @ error/draw.c/DrawImage/3307.
convert: not authorized `out.msl' @ error/constitute.c/WriteImage/1080.
$
[no change]

I will submit now only for 12/ImageMagick.
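The triage in Comments 1 and 3 is done by hand: run the reproducer under valgrind, read the leak figures, compare before and after the patch. The shell helpers below are an added example written for this page; they are not code from the bug report, from ImageMagick or from the SUSE packages, and every input (the valgrind output, the policy.xml fragment) is a constructed sample, not captured SUSE output. The policy check is included because `not authorized ... @ error/constitute.c/WriteImage` is the error ImageMagick raises when policy.xml denies a coder: a run that ends there never reached WriteMSLImage, so an identical valgrind result before and after the patch says nothing about whether the leak is fixed, only that the coder is switched off in that build.

```shell
#!/usr/bin/env bash
# Added example, not code from the bug report or from ImageMagick/SUSE.
# Helpers for the triage done by hand in Comments 1 and 3: pull the leak
# figures out of a valgrind --leak-check=full run, compare two runs, and
# check whether policy.xml denies the MSL coder (in which case convert stops
# at WriteImage's policy check and never reaches WriteMSLImage).
# Every input below is a constructed sample, not captured SUSE output.

# Constructed valgrind output shaped like a real --leak-check=full run.
LEAKY_RUN='==29942== Memcheck, a memory error detector
==29942== Command: convert leak-WriteMSLImage out.msl
==29942== LEAK SUMMARY:
==29942==    definitely lost: 4,096 bytes in 6 blocks
==29942==    indirectly lost: 2,048 bytes in 6 blocks
==29942==      possibly lost: 0 bytes in 0 blocks
==29942==    still reachable: 0 bytes in 0 blocks
==29942== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)'

# Constructed output of a clean run (no LEAK SUMMARY section at all).
CLEAN_RUN='==29950== Memcheck, a memory error detector
==29950== Command: convert leak-WriteMSLImage out.msl
==29950== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)'

# Constructed policy.xml fragment; a rule like the MSL one is what makes
# convert print "not authorized `out.msl' @ error/constitute.c/WriteImage".
POLICY_DENY_MSL='<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>'

# Number of "definitely lost" blocks; 0 when the section is absent.
# Assumes valgrind's standard wording "definitely lost: N bytes in M blocks".
definitely_lost_blocks() {
    printf '%s\n' "$1" | awk '
        /definitely lost:/ { gsub(",", "", $7); n = $7 }
        END { print n + 0 }'
}

# Count from the "ERROR SUMMARY: N errors ..." line; 0 when absent.
error_count() {
    printf '%s\n' "$1" | awk '/ERROR SUMMARY:/ { n = $4 } END { print n + 0 }'
}

# Compare a pre-patch and a post-patch run by definitely-lost blocks:
# "improved", "unchanged" (Comment 3's result) or "regressed".
leak_verdict() {
    before=$(definitely_lost_blocks "$1")
    after=$(definitely_lost_blocks "$2")
    if [ "$after" -lt "$before" ]; then echo improved
    elif [ "$after" -eq "$before" ]; then echo unchanged
    else echo regressed
    fi
}

# "yes" if some <policy .../> element (one element per line assumed) has
# domain="coder", rights="none" and pattern="MSL", in any attribute order.
# Only the exact pattern "MSL" is recognised; wildcard patterns are not.
msl_coder_denied() {
    if printf '%s\n' "$1" | grep -i '<policy' | grep -i 'domain="coder"' \
         | grep -i 'rights="none"' | grep -qi 'pattern="MSL"'; then
        echo yes
    else
        echo no
    fi
}

# Stand-alone demo over the constructed samples.
printf 'leaky run: %s blocks definitely lost, %s errors\n' \
    "$(definitely_lost_blocks "$LEAKY_RUN")" "$(error_count "$LEAKY_RUN")"
printf 'before vs after (same output): %s\n' "$(leak_verdict "$LEAKY_RUN" "$LEAKY_RUN")"
printf 'before vs clean run: %s\n' "$(leak_verdict "$LEAKY_RUN" "$CLEAN_RUN")"
printf 'MSL coder denied by policy: %s\n' "$(msl_coder_denied "$POLICY_DENY_MSL")"
```

In practice the two run captures come from `valgrind -q --leak-check=full convert <reproducer> out.msl 2>&1` against the unpatched and patched packages, and `msl_coder_denied` is fed the installed policy.xml; if it answers `yes`, the valgrind comparison is uninformative for this CVE and the coder has to be enabled in a scratch copy of the policy before the before/after test means anything.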
Comment 4 Petr Gajdos 2018-02-16 18:50:15 UTC
Will submit for 12/ImageMagick.
Comment 5 Petr Gajdos 2018-02-16 19:16:42 UTC
Packages submitted.
Comment 6 Petr Gajdos 2018-02-16 19:22:52 UTC
Not all code streams are fixed, reassigning back.
Comment 9 Swamp Workflow Management 2018-03-01 20:18:19 UTC
SUSE-SU-2018:0581-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1042911,1048110,1048272,1049374,1049375,1050048,1050119,1050122,1050126,1050132,1050617,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052754,1052761,1055069,1055229,1056768,1057163,1058009,1072898,1074119,1074170,1075821,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11170,CVE-2017-11448,CVE-2017-11450,CVE-2017-11528,CVE-2017-11530,CVE-2017-11531,CVE-2017-11533,CVE-2017-11537,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12663,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14060,CVE-2017-14139,CVE-2017-14224,CVE-2017-17682,CVE-2017-17885,CVE-2017-17934,CVE-2017-18028,CVE-2017-9405,CVE-2017-9407,CVE-2018-5357,CVE-2018-6405
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.42.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-71.42.1
Comment 10 Swamp Workflow Management 2018-03-06 23:16:57 UTC
openSUSE-SU-2018:0621-1: An update that fixes 35 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1042824,1042911,1048110,1048272,1049374,1049375,1050048,1050119,1050122,1050126,1050132,1050617,1052207,1052248,1052251,1052254,1052472,1052688,1052711,1052747,1052750,1052754,1052761,1055069,1055229,1056768,1057163,1058009,1072898,1074119,1074170,1075821,1076182,1078433
CVE References: CVE-2017-11166,CVE-2017-11170,CVE-2017-11448,CVE-2017-11450,CVE-2017-11528,CVE-2017-11530,CVE-2017-11531,CVE-2017-11533,CVE-2017-11537,CVE-2017-11638,CVE-2017-11642,CVE-2017-12418,CVE-2017-12427,CVE-2017-12429,CVE-2017-12432,CVE-2017-12566,CVE-2017-12654,CVE-2017-12663,CVE-2017-12664,CVE-2017-12665,CVE-2017-12668,CVE-2017-12674,CVE-2017-13058,CVE-2017-13131,CVE-2017-14060,CVE-2017-14139,CVE-2017-14224,CVE-2017-17682,CVE-2017-17885,CVE-2017-17934,CVE-2017-18028,CVE-2017-9405,CVE-2017-9407,CVE-2018-5357,CVE-2018-6405
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-55.1
Comment 13 Karol Babioch 2019-01-17 07:50:43 UTC
Given that we cannot reproduce this correctly and haven't turned on MSL, I'm considering this to not affect us and adjusted our tracking accordingly. Given that other affected codestreams are already fixed, we can close this bug.