Bug 1146213 – VUL-1: CVE-2019-15139: ImageMagick: The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage

Bug 1146213 - (CVE-2019-15139) VUL-1: CVE-2019-15139: ImageMagick: The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage

(CVE-2019-15139)
Summary:	VUL-1: CVE-2019-15139: ImageMagick: The XWD image (X Window System window dum...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/240404/
Whiteboard:	CVSSv3:SUSE:CVE-2019-15139:3.3:(AV:L/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-08-19 15:24 UTC by Wolfgang Frisch
Modified:	2020-05-12 14:16 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
PoC-read_xwd.c_573_1.xwd (104 bytes, application/octet-stream) 2019-08-20 14:41 UTC, Wolfgang Frisch	Details
PoC-read_xwd.c_573_2.xwd (1.37 KB, application/octet-stream) 2019-08-20 14:41 UTC, Wolfgang Frisch	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Frisch 2019-08-19 15:24:37 UTC

CVE-2019-15139

The XWD image (X Window System window dumping file) parsing component in
ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service
(application crash resulting from an out-of-bounds Read) in ReadXWDImage in
coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability
than CVE-2019-11472.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15139
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15139.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15139
https://github.com/ImageMagick/ImageMagick/issues/1553
https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7

Comment 1 Wolfgang Frisch 2019-08-20 14:41:04 UTC

Created attachment 814762 [details]
PoC-read_xwd.c_573_1.xwd

Reproducer usage:
identity -verbose $FILE
or
convert $FILE /dev/null

Comment 2 Wolfgang Frisch 2019-08-20 14:41:31 UTC

Created attachment 814763 [details]
PoC-read_xwd.c_573_2.xwd

PoC-read_xwd.c_573_2.xwd

Reproducer usage:
identity -verbose $FILE
or
convert $FILE /dev/null

Comment 4 Petr Gajdos 2019-09-05 09:31:51 UTC

Yes, both ASAN for 15/ImageMagick and valgrind for 15,12,11/ImageMagick are silent, no errors reported.

Comment 5 Petr Gajdos 2019-09-05 09:56:04 UTC

15,12/ImageMagick: patch backported
11/ImageMagick:    patch already submitted as fix for CVE-2019-11472, so I will
                   just rename the patch

Comment 6 Petr Gajdos 2019-09-05 10:05:50 UTC

Will submit for: 15,12,11/ImageMagick.

Comment 7 Petr Gajdos 2019-09-05 10:09:29 UTC

GraphicsMagick: ASAN is silent for both test cases, considering unaffected

Comment 8 Petr Gajdos 2019-09-05 10:26:10 UTC

I believe all fixed.

Comment 11 Swamp Workflow Management 2019-10-25 16:22:28 UTC

SUSE-SU-2019:2785-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146068,1146211,1146212,1146213,1151781,1151782,1151783,1151784,1151785,1151786
CVE References: CVE-2019-14980,CVE-2019-15139,CVE-2019-15140,CVE-2019-15141,CVE-2019-16708,CVE-2019-16709,CVE-2019-16710,CVE-2019-16711,CVE-2019-16712,CVE-2019-16713
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    ImageMagick-6.8.8.1-71.131.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ImageMagick-6.8.8.1-71.131.1
SUSE Linux Enterprise Server 12-SP4 (src):    ImageMagick-6.8.8.1-71.131.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    ImageMagick-6.8.8.1-71.131.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2019-11-05 14:15:11 UTC

SUSE-SU-2019:2896-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146065,1146068,1146211,1146212,1146213,1151781,1151782,1151783,1151784,1151785,1151786
CVE References: CVE-2019-14980,CVE-2019-14981,CVE-2019-15139,CVE-2019-15140,CVE-2019-15141,CVE-2019-16708,CVE-2019-16709,CVE-2019-16710,CVE-2019-16711,CVE-2019-16712,CVE-2019-16713
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    ImageMagick-7.0.7.34-3.72.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ImageMagick-7.0.7.34-3.72.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2019-11-14 20:12:17 UTC

SUSE-SU-2019:2785-2: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146068,1146211,1146212,1146213,1151781,1151782,1151783,1151784,1151785,1151786
CVE References: CVE-2019-14980,CVE-2019-15139,CVE-2019-15140,CVE-2019-15141,CVE-2019-16708,CVE-2019-16709,CVE-2019-16710,CVE-2019-16711,CVE-2019-16712,CVE-2019-16713
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    ImageMagick-6.8.8.1-71.131.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    ImageMagick-6.8.8.1-71.131.1
SUSE Linux Enterprise Server 12-SP5 (src):    ImageMagick-6.8.8.1-71.131.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2019-11-15 11:12:20 UTC

openSUSE-SU-2019:2515-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146065,1146068,1146211,1146212,1146213,1151781,1151782,1151783,1151784,1151785,1151786
CVE References: CVE-2019-14980,CVE-2019-14981,CVE-2019-15139,CVE-2019-15140,CVE-2019-15141,CVE-2019-16708,CVE-2019-16709,CVE-2019-16710,CVE-2019-16711,CVE-2019-16712,CVE-2019-16713
Sources used:
openSUSE Leap 15.1 (src):    ImageMagick-7.0.7.34-lp151.7.12.1

Comment 15 Swamp Workflow Management 2019-11-16 14:11:29 UTC

openSUSE-SU-2019:2519-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1146065,1146068,1146211,1146212,1146213,1151781,1151782,1151783,1151784,1151785,1151786
CVE References: CVE-2019-14980,CVE-2019-14981,CVE-2019-15139,CVE-2019-15140,CVE-2019-15141,CVE-2019-16708,CVE-2019-16709,CVE-2019-16710,CVE-2019-16711,CVE-2019-16712,CVE-2019-16713
Sources used:
openSUSE Leap 15.0 (src):    ImageMagick-7.0.7.34-lp150.2.41.1

Comment 16 Alexandros Toptsoglou 2020-05-12 14:16:31 UTC

Done