Bugzilla – Bug 1059735
VUL-2: CVE-2017-14505: ImageMagick: NULL pointer dereference in DrawGetStrokeDashArray in wand/drawing-wand.c could lead to denial of service
Last modified: 2018-04-06 22:38:21 UTC
CVE-2017-14505 DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14505 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14505.html http://www.securityfocus.com/bid/100882 https://github.com/ImageMagick/ImageMagick/issues/716
due to NULL ptr a controlled abort, deferable.
No testcase found.
12/ImageMagick: affected 11/ImageMagick: affected 11/GraphicsMagick: affected 42.3/GraphicsMagick: affected HG/GraphicsMagick: affected (will notify upstream)
Will submit for 12/ImageMagick, 11/ImageMagick, 11/GraphicsMagick and 42.3/GraphicsMagick.
I believe all fixed.
This is an autogenerated message for OBS integration: This bug (1059735) was mentioned in https://build.opensuse.org/request/show/583120 42.3 / GraphicsMagick
This is an autogenerated message for OBS integration: This bug (1059735) was mentioned in https://build.opensuse.org/request/show/585295 42.3 / GraphicsMagick
This is an autogenerated message for OBS integration: This bug (1059735) was mentioned in https://build.opensuse.org/request/show/586755 42.3 / GraphicsMagick
openSUSE-SU-2018:0733-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1058630,1059735,1066168,1066170,1082283,1082291,1084060,1084062,1085233 CVE References: CVE-2017-14314,CVE-2017-14505,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18219,CVE-2017-18220,CVE-2017-18230 Sources used: openSUSE Leap 42.3 (src): GraphicsMagick-1.3.25-79.1
SUSE-SU-2018:0857-1: An update that fixes 17 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011 CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Workstation Extension 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Server 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ImageMagick-6.8.8.1-71.47.1 SUSE Linux Enterprise Desktop 12-SP2 (src): ImageMagick-6.8.8.1-71.47.1
SUSE-SU-2018:0864-1: An update that fixes 13 vulnerabilities is now available. Category: security (moderate) Bug References: 1050087,1058630,1059735,1066168,1066170,1082283,1082291,1082348,1084060,1084062,1085233 CVE References: CVE-2017-11524,CVE-2017-12691,CVE-2017-12693,CVE-2017-14314,CVE-2017-14343,CVE-2017-14505,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18219,CVE-2017-18220,CVE-2017-18230 Sources used: SUSE Studio Onsite 1.3 (src): GraphicsMagick-1.2.5-78.44.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): GraphicsMagick-1.2.5-78.44.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): GraphicsMagick-1.2.5-78.44.1
SUSE-SU-2018:0880-1: An update that fixes 16 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1084060,1086011 CVE References: CVE-2017-11524,CVE-2017-12691,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14343,CVE-2017-14505,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18219,CVE-2017-9500,CVE-2018-7443,CVE-2018-8804 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1 SUSE Linux Enterprise Server 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ImageMagick-6.4.3.6-78.40.1
releasing for Leap, closing as done
openSUSE-SU-2018:0893-1: An update that fixes 17 vulnerabilities is now available. Category: security (moderate) Bug References: 1043290,1050087,1056434,1058630,1059735,1060382,1066168,1066170,1082283,1082291,1082348,1082362,1082792,1082837,1083628,1083634,1086011 CVE References: CVE-2017-11524,CVE-2017-12692,CVE-2017-12693,CVE-2017-13768,CVE-2017-14314,CVE-2017-14505,CVE-2017-14739,CVE-2017-15016,CVE-2017-15017,CVE-2017-16352,CVE-2017-16353,CVE-2017-18209,CVE-2017-18211,CVE-2017-9500,CVE-2018-7443,CVE-2018-7470,CVE-2018-8804 Sources used: openSUSE Leap 42.3 (src): ImageMagick-6.8.8.1-58.1