Bug 1094204 - (CVE-2017-18271) VUL-1: CVE-2017-18271: GraphicsMagick, ImageMagick: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/206158/
CVSSv3:SUSE:CVE-2017-18271:3.3:(AV:L/...
Reported: 2018-05-22 12:56 UTC by Johannes Segitz
Modified: 2018-10-07 14:41 UTC

Found By: Security Response Team


Attachments
Reproducer (282 bytes, text/plain)
2018-05-22 13:22 UTC, Johannes Segitz

Description Johannes Segitz 2018-05-22 12:56:22 UTC
CVE-2017-18271

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability
was found in the function ReadMIFFImage in coders/miff.c, which allows attackers
to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.

Reproducer: convert cpu-exhaustion-ReadMIFFImage /dev/null
hangs

All codestreams affected

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18271
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18271.html
https://github.com/ImageMagick/ImageMagick/issues/911
Comment 1 Johannes Segitz 2018-05-22 13:22:39 UTC
Created attachment 770988
Reproducer
Comment 2 Petr Gajdos 2018-05-23 09:08:56 UTC
(In reply to Johannes Segitz from comment #0)
> Reproducer: convert cpu-exhaustion-ReadMIFFImage /dev/null
> hangs
> 
> All codestreams affected

Yes, including HG/GraphicsMagick. No temporary file is created and growing.
Comment 3 Petr Gajdos 2018-05-23 09:56:44 UTC
BEFORE

see comment 0

PATCH

https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e

AFTER

11,12/ImageMagick

$ convert cpu-exhaustion-ReadMIFFImage /dev/null
094204: unexpected end-of-file `cpu-exhaustion-ReadMIFFImage': No such file or directory @ error/miff.c/ReadMIFFImage/1610.
$

11,42.3/GraphicsMagick

$ gm convert cpu-exhaustion-ReadMIFFImage /dev/null           
gm convert: Unexpected end-of-file (cpu-exhaustion-ReadMIFFImage).
$
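
The BEFORE/AFTER check from comment 3 as a repeatable script (an added example, not part of the original bug report or of any SUSE or ImageMagick tooling): it runs the reproducer under GNU `timeout` and reports whether the decoder hung or terminated. The function name `verdict`, the `REPRO` variable and the 10-second limit are assumptions.

```shell
#!/bin/sh
# Added example: regression check for the hang described in this bug.
# Requires timeout(1) from GNU coreutils.

# verdict LIMIT_SECONDS CMD [ARGS...]
# Prints HANG if CMD had to be stopped after LIMIT_SECONDS,
# ACCEPTED if it exited 0, REJECTED if it exited with an error.
verdict() {
    limit=$1
    shift
    rc=0
    # -k 2: send SIGKILL if the process ignores SIGTERM for 2 more seconds
    timeout -k 2 "$limit" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)       echo ACCEPTED ;;
        124|137) echo HANG ;;      # 124 = timed out, 137 = had to be killed
        *)       echo REJECTED ;;
    esac
}

# Reproducer file name as given in the bug; override with REPRO=...
REPRO=${REPRO:-cpu-exhaustion-ReadMIFFImage}

if [ -f "$REPRO" ]; then
    for tool in "convert" "gm convert"; do
        # Skip tools that are not installed on this codestream
        command -v "${tool%% *}" >/dev/null 2>&1 || continue
        # $tool is left unquoted on purpose: "gm convert" is two words
        printf '%-12s %s\n' "$tool" "$(verdict 10 $tool "$REPRO" /dev/null)"
    done
fi
```

An unpatched build is expected to report HANG for the attached reproducer; any other verdict means the decoder terminated on its own.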
Comment 4 Petr Gajdos 2018-05-23 09:57:17 UTC
Filed GraphicsMagick upstream bug:
https://sourceforge.net/p/graphicsmagick/bugs/565/
Comment 5 Petr Gajdos 2018-05-23 09:59:14 UTC
15* have the change already in.

Will submit for 12/ImageMagick, 11/ImageMagick, 11/GraphicsMagick and 42.3/GraphicsMagick.
Comment 6 Petr Gajdos 2018-05-23 13:07:00 UTC
Packages submitted.
Comment 8 Swamp Workflow Management 2018-05-23 13:40:21 UTC
This is an autogenerated message for OBS integration:
This bug (1094204) was mentioned in
https://build.opensuse.org/request/show/611648 42.3 / GraphicsMagick
Comment 9 Swamp Workflow Management 2018-05-28 10:08:28 UTC
openSUSE-SU-2018:1439-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1094204
CVE References: CVE-2017-18271
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-90.1
Comment 17 Swamp Workflow Management 2018-06-29 19:08:55 UTC
SUSE-SU-2018:1851-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047356,1056277,1087820,1094204,1094237,1095730,1095812,1095813
CVE References: CVE-2017-10928,CVE-2017-13758,CVE-2017-18271,CVE-2018-10804,CVE-2018-10805,CVE-2018-11251,CVE-2018-11655,CVE-2018-9133
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.65.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.65.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.65.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.65.1
Comment 18 Swamp Workflow Management 2018-06-30 13:09:26 UTC
openSUSE-SU-2018:1860-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047356,1056277,1087820,1094204,1094237,1095730,1095812,1095813
CVE References: CVE-2017-10928,CVE-2017-13758,CVE-2017-18271,CVE-2018-10804,CVE-2018-10805,CVE-2018-11251,CVE-2018-11655,CVE-2018-9133
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-64.1
Comment 21 Swamp Workflow Management 2018-08-16 19:15:39 UTC
SUSE-SU-2018:2390-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056277,1094204,1095812,1102007
CVE References: CVE-2017-13758,CVE-2017-18271,CVE-2018-10805,CVE-2018-14435
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.61.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.61.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.61.1
Comment 22 Swamp Workflow Management 2018-08-21 10:12:42 UTC
SUSE-SU-2018:2465-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056277,1094204,1094237,1095812,1098545,1098546,1102003,1102004,1102005,1102007
CVE References: CVE-2017-13758,CVE-2017-18271,CVE-2018-10805,CVE-2018-11251,CVE-2018-12599,CVE-2018-12600,CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.56.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.56.1
Comment 23 Marcus Meissner 2018-10-05 06:22:58 UTC
released