Bug 1089781 - (CVE-2018-10177) VUL-0: CVE-2018-10177: GraphicsMagick, ImageMagick: In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/204077/
CVSSv3:SUSE:CVE-2018-10177:5.5:(AV:L/...
Reported: 2018-04-17 05:08 UTC by Marcus Meissner
Modified: 2018-05-10 22:43 UTC

Found By: Security Response Team
Attachments
imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng (3.68 KB, video/x-mng)
2018-04-17 05:18 UTC, Marcus Meissner
Description Marcus Meissner 2018-04-17 05:08:14 UTC
CVE-2018-10177

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage
function of the coders/png.c file. Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted mng file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10177
http://www.cvedetails.com/cve/CVE-2018-10177/
https://github.com/ImageMagick/ImageMagick/issues/1095
Comment 1 Marcus Meissner 2018-04-17 05:18:22 UTC
Created attachment 767346
imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng

QA REPRODUCER:

ImageMagick:

convert imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng foo.png

GraphicsMagick:

gm convert imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng foo.png


BEFORE: hangs forever ... AFTER: does not hang forever
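
An added example, not part of the original report or of either project's code: the BEFORE/AFTER check above as a scripted regression test. It counts any exit within the time limit as a pass, because the patched builds in this report reject the file with an error instead of writing output; the names hang_check, run_reproducer, LIMIT and SAMPLE are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the BEFORE/AFTER hang check.
# hang_check, run_reproducer, LIMIT and SAMPLE are names assumed here.

LIMIT="${LIMIT:-10}"   # seconds before a run counts as a hang
SAMPLE="${SAMPLE:-imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng}"

# hang_check CMD [ARGS...]
# Prints "hang" and returns 1 if CMD outlives LIMIT seconds; otherwise
# prints "terminated rc=N" and returns 0. A non-zero rc is still a pass:
# a fixed decoder rejects the file with an error instead of looping.
hang_check() {
    rc=0
    timeout -k 2 "$LIMIT" "$@" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        124|137) echo "hang"; return 1 ;;   # 137: KILL was needed after TERM
        *)       echo "terminated rc=$rc"; return 0 ;;
    esac
}

# Runs the reproducer with every installed tool; returns 1 if any of them hangs.
run_reproducer() {
    [ -f "$SAMPLE" ] || { echo "skip: $SAMPLE not found"; return 0; }
    out="$(mktemp -d)" || return 2
    status=0
    for tool in "convert" "gm convert"; do
        command -v "${tool%% *}" >/dev/null 2>&1 || continue
        # $tool is unquoted on purpose so "gm convert" splits into two words
        result="$(hang_check $tool "$SAMPLE" "$out/foo.png")" || status=1
        echo "$tool: $result"
    done
    rm -rf "$out"
    return "$status"
}

# Only touch the sample when asked to, e.g.: sh hangcheck.sh --run
if [ "${1:-}" = "--run" ]; then run_reproducer; fi
```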
Comment 2 Marcus Meissner 2018-04-17 05:18:37 UTC
seems to hang both imagemagick and graphicsmagick all versions
Comment 3 Petr Gajdos 2018-04-20 11:46:18 UTC
BEFORE
  
What to add to comment 1?

PATCH

https://github.com/ImageMagick/ImageMagick/commit/9fdda6391e38aaad3bfd6a30bd6a72bd31aeee02

Unfortunately this patch does not work as is for GraphicsMagick. I have notified upstream and will try to look at it next week.


AFTER

12/ImageMagick

$ convert imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng output.png
089781: insufficient image data in file `imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng' @ error/png.c/ReadOneMNGImage/5227.
089781: no images defined `output.png' @ error/convert.c/ConvertImageCommand/3149.
$

11/ImageMagick

$ convert imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng output.png
convert: Insufficient image data in file `imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng'.
convert: missing an image filename `output.png'.
$
Comment 7 Petr Gajdos 2018-04-30 08:27:28 UTC
GraphicsMagick upstream commit:
http://hg.code.sf.net/p/graphicsmagick/code/rev/c96322c6800a
Comment 8 Petr Gajdos 2018-04-30 08:33:49 UTC
AFTER

42.3/GraphicsMagick

$ gm convert imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng foo.png
gm convert: Image sequence is required (unable to coalesce image).
$
[returns immediately]

11/GraphicsMagick

$ gm convert imagemagick_7-0-7_convert_infinite-loop_ReadOneMNGImage.mng foo.png
gm convert: Image sequence is required (unable to coalesce image).
$
Comment 9 Petr Gajdos 2018-04-30 08:34:50 UTC
Submitted for 12/ImageMagick, 11/ImageMagick, 11/GraphicsMagick and 42.3/GraphicsMagick.
Comment 10 Petr Gajdos 2018-04-30 08:39:49 UTC
I believe all fixed.
Comment 12 Swamp Workflow Management 2018-04-30 09:10:30 UTC
This is an autogenerated message for OBS integration:
This bug (1089781) was mentioned in
https://build.opensuse.org/request/show/602464 42.3 / GraphicsMagick
Comment 13 Swamp Workflow Management 2018-05-02 10:14:15 UTC
openSUSE-SU-2018:1123-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1050623,1055010,1080522,1085236,1086773,1087027,1087037,1089781
CVE References: CVE-2017-11641,CVE-2017-13066,CVE-2017-18229,CVE-2017-18251,CVE-2017-18254,CVE-2018-10177,CVE-2018-6799,CVE-2018-9018
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-87.1
Comment 14 Swamp Workflow Management 2018-05-02 19:09:54 UTC
SUSE-SU-2018:1129-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047356,1086773,1086782,1087027,1087033,1087037,1089781
CVE References: CVE-2017-1000476,CVE-2017-10928,CVE-2017-18251,CVE-2017-18252,CVE-2017-18254,CVE-2018-10177,CVE-2018-8960,CVE-2018-9018
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.45.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.45.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.45.1
Comment 15 Swamp Workflow Management 2018-05-08 13:08:06 UTC
SUSE-SU-2018:1163-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1050623,1055010,1085236,1089781
CVE References: CVE-2017-11641,CVE-2017-13066,CVE-2017-18229,CVE-2018-10177
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.52.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.52.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.52.1
Comment 16 Marcus Meissner 2018-05-09 14:45:38 UTC
released
Comment 17 Swamp Workflow Management 2018-05-09 16:12:27 UTC
SUSE-SU-2018:1178-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047356,1058635,1074117,1086773,1086782,1087027,1087033,1087037,1087039,1087825,1089781
CVE References: CVE-2017-1000476,CVE-2017-10928,CVE-2017-11450,CVE-2017-14325,CVE-2017-17887,CVE-2017-18250,CVE-2017-18251,CVE-2017-18252,CVE-2017-18254,CVE-2018-10177,CVE-2018-8960,CVE-2018-9018,CVE-2018-9135
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.54.5
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.54.5
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.54.5
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.54.5
Comment 18 Swamp Workflow Management 2018-05-10 22:09:13 UTC
openSUSE-SU-2018:1205-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047356,1058635,1074117,1086773,1086782,1087027,1087033,1087037,1087039,1087825,1089781
CVE References: CVE-2017-1000476,CVE-2017-10928,CVE-2017-11450,CVE-2017-14325,CVE-2017-17887,CVE-2017-18250,CVE-2017-18251,CVE-2017-18252,CVE-2017-18254,CVE-2018-10177,CVE-2018-8960,CVE-2018-9018,CVE-2018-9135
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-61.2