Bug 1110746 - (CVE-2018-17966) VUL-1: CVE-2018-17966: ImageMagick: Memory leak vulnerability in WritePDBImage
(CVE-2018-17966)
VUL-1: CVE-2018-17966: ImageMagick: Memory leak vulnerability in WritePDBImage
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/216109/
CVSSv3:SUSE:CVE-2018-17966:3.3:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-04 11:51 UTC by Johannes Segitz
Modified: 2021-10-04 16:41 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-10-04 11:51:28 UTC
CVE-2018-17966

memory leak vulnerability in WritePDBImage in coders/pdb.c.
https://github.com/ImageMagick/ImageMagick/issues/1050

SLE 12/15 from what I can see

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17966
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17966.html
Comment 1 Petr Gajdos 2018-10-10 06:08:26 UTC
Reported new issue upstream
https://github.com/ImageMagick/ImageMagick/issues/1345
Comment 2 Petr Gajdos 2018-10-10 09:13:23 UTC
(In reply to Johannes Segitz from comment #0)
> SLE 12/15 from what I can see

Even if I agree with this conclusion, my understanding of CVE-2018-17966 is a bit broader and I will submit also for 11/{Graphics,Image}Magick versions.
Comment 3 Petr Gajdos 2018-10-10 09:17:11 UTC
Will submit for 15,12,11/ImageMagick and 11/GraphicsMagick.

Newer versions of GraphicsMagick are not affected.
Comment 4 Petr Gajdos 2018-10-12 17:02:25 UTC
Packages submitted.
I believe all fixed.
Comment 9 Swamp Workflow Management 2018-10-17 10:11:53 UTC
SUSE-SU-2018:3191-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1098545,1098546,1110746,1110747,1111069,1111072
CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.82.1
Comment 10 Swamp Workflow Management 2018-10-18 17:27:07 UTC
openSUSE-SU-2018:3225-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1098545,1098546,1110746,1110747,1111069,1111072
CVE References: CVE-2017-13058,CVE-2018-12599,CVE-2018-12600,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-73.1
Comment 11 Swamp Workflow Management 2018-10-22 13:13:43 UTC
SUSE-SU-2018:3269-1: An update that fixes 12 vulnerabilities is now available.

Category: security (low)
Bug References: 1106855,1107604,1107609,1107612,1107616,1107619,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2018-16323,CVE-2018-16640,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-78.72.1
Comment 14 Swamp Workflow Management 2018-10-23 19:19:27 UTC
SUSE-SU-2018:3348-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1074170,1106855,1106989,1107604,1107609,1107612,1107616,1108282,1108283,1110746,1110747,1111069,1111072
CVE References: CVE-2017-17934,CVE-2018-16323,CVE-2018-16413,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,CVE-2018-16749,CVE-2018-16750,CVE-2018-17965,CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.74.1
Comment 15 Marcus Meissner 2018-10-26 06:41:11 UTC
released
Comment 17 Swamp Workflow Management 2018-11-13 14:11:53 UTC
SUSE-SU-2018:3753-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106254,1110746,1111069,1111072
CVE References: CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.34.3
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.34.3
Comment 18 Swamp Workflow Management 2018-11-16 23:11:06 UTC
openSUSE-SU-2018:3797-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1106254,1110746,1111069,1111072
CVE References: CVE-2018-17966,CVE-2018-18016,CVE-2018-18024
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.21.1
Comment 19 OBSbugzilla Bot 2021-10-04 16:41:56 UTC
This is an autogenerated message for OBS integration:
This bug (1110746) was mentioned in
https://build.opensuse.org/request/show/923064 Factory / ImageMagick