Bug 1133501 - (CVE-2019-11505) VUL-1: CVE-2019-11505: GraphicsMagick,ImageMagick: heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Other
Version: Leap 42.3
Hardware: Other Other
Priority: P4 - Low
Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/230257/
Reported: 2019-04-26 08:54 UTC by Marcus Meissner
Modified: 2019-07-10 05:36 UTC (History)
Found By: Security Response Team

Attachments
heap-buffer-overflow-WritePDBImage (532 bytes, text/plain)
2019-04-26 08:56 UTC, Marcus Meissner

Description Marcus Meissner 2019-04-26 08:54:42 UTC
CVE-2019-11505

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a
heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which
allows an attacker to cause a denial of service or possibly have unspecified
other impact via a crafted image file. This is related to
MagickBitStreamMSBWrite in magick/bit_stream.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11505
http://www.securityfocus.com/bid/108063
https://sourceforge.net/p/graphicsmagick/bugs/605/
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
Comment 1 Marcus Meissner 2019-04-26 08:56:15 UTC
Created attachment 803667
heap-buffer-overflow-WritePDBImage

QA REPRODUCER:

gm convert heap-buffer-overflow-WritePDBImage test.pdb

should not report heap corruption backtrace

(IM not affected I think)
Comment 2 Petr Gajdos 2019-04-29 14:38:48 UTC
BEFORE

15.0,42.3/GraphicsMagick

$ gm convert heap-buffer-overflow-WritePDBImage out.pdb
*** Error in `gm': free(): invalid pointer: 0x000055a594927f50 ***
gm convert: abort due to signal 6 (SIGABRT) "Abort"...
Aborted (core dumped)
$

12,15/ImageMagick

$ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
convert: improper image header `heap-buffer-overflow-WritePDBImage' @ error/miff.c/ReadMIFFImage/1119.
$

PATCH

GraphicsMagick: referenced in comment 0
ImageMagick: there is a similar commit
https://github.com/ImageMagick/ImageMagick/commit/d19acd3a822624ca35794a725c325ebe6a3e4057

AFTER

15.0,42.3/GraphicsMagick

$ gm convert heap-buffer-overflow-WritePDBImage out.pdb
gm convert: Improper image header (heap-buffer-overflow-WritePDBImage).
$

12,15/ImageMagick

$ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
convert: improper image header `heap-buffer-overflow-WritePDBImage' @ error/miff.c/ReadMIFFImage/1119.
$
[no change]
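
The QA check from comments 1 and 2 as a script, added here as an example and not part of the bug report: it turns one reproducer run into a verdict (CRASH for the heap-corruption abort, REJECTED for the clean "improper image header" error). The function names, the verdict strings and the exit-status convention are assumptions.

```shell
#!/bin/sh
# Added example: verdict for one run of the QA reproducer in this bug.
# Assumed, not taken from the bug report: function names, verdict strings,
# and the exit-status convention (>128 = killed by a signal, e.g. 134 for
# SIGABRT; a clean "improper image header" rejection exits non-zero).

# classify_run STATUS OUTPUT -> prints CRASH, REJECTED or UNKNOWN
classify_run() {
    cr_status=$1
    cr_output=$2
    if [ "$cr_status" -gt 128 ]; then
        echo CRASH
        return 0
    fi
    # Do not match on "heap-buffer-overflow": it is part of the reproducer's
    # file name and therefore appears in the clean error message as well.
    case $cr_output in
        *"free(): invalid pointer"*|*"double free or corruption"*|\
        *"abort due to signal"*|*"ERROR: AddressSanitizer"*|\
        *"Invalid write of size"*)
            echo CRASH ;;
        *[Ii]"mproper image header"*)
            if [ "$cr_status" -ne 0 ]; then echo REJECTED; else echo UNKNOWN; fi ;;
        *)
            echo UNKNOWN ;;
    esac
}

# run_reproducer INPUT OUTPUT -> runs gm convert and prints the verdict
run_reproducer() {
    rr_status=0
    rr_out=$(gm convert "$1" "$2" 2>&1) || rr_status=$?
    classify_run "$rr_status" "$rr_out"
}

# Run only when called with the reproducer and an output path.
if [ "$#" -eq 2 ]; then
    run_reproducer "$1" "$2"
fi
```

UNKNOWN covers anything else, including a run that exits 0, and needs a manual look rather than a pass.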
Comment 3 Petr Gajdos 2019-04-29 14:39:23 UTC
Will submit for 15.0,42.3/GraphicsMagick and 12,15/ImageMagick.
Comment 4 Swamp Workflow Management 2019-04-30 11:50:29 UTC
This is an autogenerated message for OBS integration:
This bug (1133501) was mentioned in
https://build.opensuse.org/request/show/699628 15.0 / GraphicsMagick
https://build.opensuse.org/request/show/699629 42.3 / GraphicsMagick
Comment 8 Petr Gajdos 2019-05-02 09:20:29 UTC
I believe all fixed.
Comment 10 Swamp Workflow Management 2019-05-09 13:10:05 UTC
openSUSE-SU-2019:1354-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 15.0 (src):    GraphicsMagick-1.3.29-lp150.3.28.1
Comment 11 Swamp Workflow Management 2019-05-09 13:11:13 UTC
openSUSE-SU-2019:1355-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Leap 42.3 (src):    GraphicsMagick-1.3.25-135.1
Comment 12 Swamp Workflow Management 2019-05-10 19:19:13 UTC
SUSE-SU-2019:14043-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1130330,1131317,1132053,1132060,1133204,1133205,1133498,1133501
CVE References: CVE-2019-10650,CVE-2019-11007,CVE-2019-11009,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-9956
Sources used:
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-78.97.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-05-22 22:09:55 UTC
openSUSE-SU-2019:1437-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1132053,1132054,1133202,1133203,1133498,1133501
CVE References: CVE-2019-11008,CVE-2019-11009,CVE-2019-11473,CVE-2019-11474,CVE-2019-11505,CVE-2019-11506
Sources used:
openSUSE Backports SLE-15 (src):    GraphicsMagick-1.3.29-bp150.2.21.1
Comment 17 Swamp Workflow Management 2019-05-28 13:31:31 UTC
This is an autogenerated message for OBS integration:
This bug (1133501) was mentioned in
https://build.opensuse.org/request/show/705902 15.1 / GraphicsMagick
Comment 19 Swamp Workflow Management 2019-06-17 19:16:34 UTC
SUSE-SU-2019:1523-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1136183,1136732
CVE References: CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11598
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    ImageMagick-7.0.7.34-3.61.3
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.61.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2019-06-24 13:27:52 UTC
openSUSE-SU-2019:1603-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1136183,1136732
CVE References: CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11598
Sources used:
openSUSE Leap 15.1 (src):    ImageMagick-7.0.7.34-lp151.7.3.1
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.32.1
Comment 23 Petr Gajdos 2019-06-24 19:38:06 UTC
(In reply to Petr Gajdos from comment #2)
> 12,15/ImageMagick
> 
> $ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
> convert: improper image header `heap-buffer-overflow-WritePDBImage' @
> error/miff.c/ReadMIFFImage/1119.
> $
[...]
> 12,15/ImageMagick
> 
> $ valgrind  -q convert heap-buffer-overflow-WritePDBImage out.pdb
> convert: improper image header `heap-buffer-overflow-WritePDBImage' @
> error/miff.c/ReadMIFFImage/1119.
> $
> [no change]

QA: I hope that from above it is clear that for ImageMagick the output before and after is the same.
Comment 24 Swamp Workflow Management 2019-06-25 19:12:26 UTC
SUSE-SU-2019:1712-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Server 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    ImageMagick-6.8.8.1-71.123.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    ImageMagick-6.8.8.1-71.123.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2019-07-01 16:14:30 UTC
openSUSE-SU-2019:1683-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1133204,1133205,1133498,1133501,1134075,1135232,1135236,1136183,1136732,1138425,1138464
CVE References: CVE-2017-12805,CVE-2017-12806,CVE-2019-10131,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,CVE-2019-11506,CVE-2019-11597,CVE-2019-11598
Sources used:
openSUSE Leap 42.3 (src):    ImageMagick-6.8.8.1-85.1
Comment 26 Marcus Meissner 2019-07-10 05:36:44 UTC
released