Bug 1102004 - (CVE-2018-14437) VUL-1: CVE-2018-14437: GraphicsMagick,ImageMagick: memory leak in parse8BIM in coders/meta.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P4 - Low, Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/211199/
CVSSv3:SUSE:CVE-2018-14437:3.3:(AV:L/...
Reported: 2018-07-20 07:31 UTC by Karol Babioch
Modified: 2021-10-05 10:40 UTC (History)
Found By: Security Response Team
Description Karol Babioch 2018-07-20 07:31:16 UTC
CVE-2018-14437

ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14437
https://github.com/ImageMagick/ImageMagick/issues/1190
Comment 1 Petr Gajdos 2018-08-07 12:50:23 UTC
*/ImageMagick: affected
*/GraphicsMagick: does not return, just goto end of the function, not affected
Comment 2 Petr Gajdos 2018-08-07 12:56:42 UTC
No testcase.
Comment 3 Petr Gajdos 2018-08-07 14:08:56 UTC
Will submit for 15,12,11/ImageMagick.
Comment 5 Petr Gajdos 2018-08-08 09:37:28 UTC
Packages submitted.
Comment 7 Swamp Workflow Management 2018-08-21 10:13:34 UTC
SUSE-SU-2018:2465-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056277,1094204,1094237,1095812,1098545,1098546,1102003,1102004,1102005,1102007
CVE References: CVE-2017-13758,CVE-2017-18271,CVE-2018-10805,CVE-2018-11251,CVE-2018-12599,CVE-2018-12600,CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.56.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.56.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.56.1
Comment 8 Swamp Workflow Management 2018-08-22 10:12:15 UTC
SUSE-SU-2018:2475-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1094741,1102003,1102004,1102005,1102007
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.14.1
Comment 10 Swamp Workflow Management 2018-08-24 22:09:05 UTC
openSUSE-SU-2018:2503-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1094741,1102003,1102004,1102005,1102007
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.9.1
Comment 17 Swamp Workflow Management 2018-09-21 10:13:08 UTC
SUSE-SU-2018:2778-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1102003,1102004,1102005,1102007,1105592,1106855,1106858
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323,CVE-2018-16329
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.74.1
Comment 18 Swamp Workflow Management 2018-09-24 10:08:46 UTC
openSUSE-SU-2018:2811-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1102003,1102004,1102005,1102007,1105592,1106855,1106858
CVE References: CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323,CVE-2018-16329
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-67.1
Comment 19 Marcus Meissner 2018-10-05 06:33:14 UTC
released
Comment 20 OBSbugzilla Bot 2021-10-04 16:40:47 UTC
This is an autogenerated message for OBS integration:
This bug (1102004) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick
Comment 21 OBSbugzilla Bot 2021-10-05 10:40:46 UTC
This is an autogenerated message for OBS integration:
This bug (1102004) was mentioned in
https://build.opensuse.org/request/show/923178 Factory / ImageMagick