Bug 1036986 – VUL-1: CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c)

Bug 1036986 - (CVE-2017-8351) VUL-1: CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c)

(CVE-2017-8351)
Summary:	VUL-1: CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	unspecified
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2017-8351:4.3:(AV:N/A...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-04-30 20:30 UTC by Mikhail Kasimov
Modified:	2017-08-14 08:19 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2017-8351_memory-leak-in-ReadPCDImage-9_testcase (770.00 KB, image/x-photo-cd) 2017-04-30 20:30 UTC, Mikhail Kasimov	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mikhail Kasimov 2017-04-30 20:30:08 UTC

Created attachment 723259 [details]
CVE-2017-8351_memory-leak-in-ReadPCDImage-9_testcase

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8351
====================================================
Description

In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Source:  MITRE      Last Modified:  04/30/2017
====================================================

Hyperlink

[1] https://github.com/ImageMagick/ImageMagick/issues/448

[2] Testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadPCDImage-9.pcd

[3] https://github.com/ImageMagick/ImageMagick/commit/23071f835d44e661177957fde0add67db7788a69 (ImageMagick-6)

(open-)SUSE: https://software.opensuse.org/package/ImageMagick

7.0.5.4 (TW, official repo)
6.8.8.1 (42.{1,2}, official repo)

Comment 1 Petr Gajdos 2017-05-11 11:41:45 UTC

For 12/ImageMagick:

BEFORE

$ valgrind --leak-check=full identify memory-leak-in-ReadPCDImage-9.pcd
[..]
==23568== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
$

AFTER

$ valgrind --leak-check=full identify memory-leak-in-ReadPCDImage-9.pcd
[..]
==8818== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
$

Similarly for 11/ImageMagick, 11/GraphicsMagick, 42.1/GraphicsMagick and 42.2/GraphicsMagick.

Comment 2 Petr Gajdos 2017-05-17 15:13:02 UTC

I believe all fixed.

Comment 4 Bernhard Wiedemann 2017-05-17 16:03:52 UTC

This is an autogenerated message for OBS integration:
This bug (1036986) was mentioned in
https://build.opensuse.org/request/show/495650 42.2 / GraphicsMagick

Comment 6 Swamp Workflow Management 2017-05-26 10:09:05 UTC

openSUSE-SU-2017:1413-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1036985,1036986,1036988,1036990
CVE References: CVE-2017-8350,CVE-2017-8351,CVE-2017-8353,CVE-2017-8355
Sources used:
openSUSE Leap 42.2 (src):    GraphicsMagick-1.3.25-11.6.1

Comment 9 Swamp Workflow Management 2017-06-06 16:13:13 UTC

SUSE-SU-2017:1489-1: An update that fixes 27 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1028075,1033091,1034870,1034872,1034876,1036976,1036977,1036978,1036980,1036981,1036982,1036983,1036984,1036985,1036986,1036987,1036988,1036989,1036990,1036991,1037527,1038000,1040025,1040303,1040304,1040306,1040332
CVE References: CVE-2017-6502,CVE-2017-7606,CVE-2017-7941,CVE-2017-7942,CVE-2017-7943,CVE-2017-8343,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8347,CVE-2017-8348,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8354,CVE-2017-8355,CVE-2017-8356,CVE-2017-8357,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9141,CVE-2017-9142,CVE-2017-9143,CVE-2017-9144
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-70.1

Comment 11 Swamp Workflow Management 2017-06-14 13:13:01 UTC

openSUSE-SU-2017:1560-1: An update that fixes 27 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1028075,1033091,1034870,1034872,1034876,1036976,1036977,1036978,1036980,1036981,1036982,1036983,1036984,1036985,1036986,1036987,1036988,1036989,1036990,1036991,1037527,1038000,1040025,1040303,1040304,1040306,1040332
CVE References: CVE-2017-6502,CVE-2017-7606,CVE-2017-7941,CVE-2017-7942,CVE-2017-7943,CVE-2017-8343,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8347,CVE-2017-8348,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8354,CVE-2017-8355,CVE-2017-8356,CVE-2017-8357,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9141,CVE-2017-9142,CVE-2017-9143,CVE-2017-9144
Sources used:
openSUSE Leap 42.2 (src):    ImageMagick-6.8.8.1-30.3.1

Comment 12 Swamp Workflow Management 2017-06-19 10:11:58 UTC

SUSE-SU-2017:1599-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033091,1034870,1034872,1034876,1036976,1036978,1036980,1036981,1036983,1036984,1036985,1036986,1036987,1036988,1036989,1036990,1037527,1038000,1040025,1040303,1040304,1040306,1040332
CVE References: CVE-2014-9846,CVE-2016-10050,CVE-2017-7606,CVE-2017-7941,CVE-2017-7942,CVE-2017-7943,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8348,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8354,CVE-2017-8355,CVE-2017-8357,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9141,CVE-2017-9142,CVE-2017-9143,CVE-2017-9144
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.77.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.77.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.77.1

Comment 13 Swamp Workflow Management 2017-06-19 13:11:17 UTC

SUSE-SU-2017:1600-1: An update that fixes 17 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033091,1034876,1036978,1036980,1036981,1036984,1036985,1036986,1036987,1036988,1036990,1037527,1038000,1040025,1040304,1040332,984144
CVE References: CVE-2014-9847,CVE-2017-7606,CVE-2017-7941,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8355,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9142,CVE-2017-9144
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.77.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.77.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.77.1

Comment 14 Marcus Meissner 2017-06-20 07:55:41 UTC

released

Comment 15 Petr Gajdos 2017-08-14 08:19:30 UTC

This issue seem to still be present in the latest state of GraphicsMagick mercurial repo.

Upstream notified.