Bug 1181697 - (CVE-2020-27829) VUL-1: CVE-2020-27829: ImageMagick: heap buffer overflow in coders/tiff.c
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None, Severity: Minor
Assigned To: Petr Gajdos
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/276822/
Reported: 2021-02-02 12:48 UTC by Alexandros Toptsoglou
Modified: 2021-02-02 12:52 UTC
Found By: Security Response Team


Description Alexandros Toptsoglou 2021-02-02 12:48:30 UTC
CVE-2020-27829

A flaw was found in ImageMagick 7.0.10-45. A heap-based buffer overflow in coders/tiff.c may result in a program crash and denial of service.

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1922525
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27829
https://access.redhat.com/security/cve/CVE-2020-27829
Comment 1 Alexandros Toptsoglou 2021-02-02 12:52:09 UTC
I think the issue was introduced in [1], that is version 7.0.9-18, and fixed in [2], in version 7.0.10-46. Based on this, our internal codestreams are not affected and Factory already ships a fixed version.

[1] https://github.com/ImageMagick/ImageMagick/commit/59125f0af71ea162da80e14fb4bc44ca7c4a8038 
[2] https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0
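
A triage helper for the version range given in comment 1, as an added example that is not part of the bug report or of ImageMagick. It assumes the range stated there (introduced in 7.0.9-18, fixed in 7.0.10-46) and a version banner of the form `Version: ImageMagick X.Y.Z-P ...`; the function names and sample banners are constructed for illustration.

```python
import re

# Range as assessed in comment 1 of this bug (an assumption taken from the page):
# introduced in 7.0.9-18, fixed in 7.0.10-46.
INTRODUCED = (7, 0, 9, 18)
FIXED = (7, 0, 10, 46)

_BANNER_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")
_BARE_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*")


def parse_version(text):
    """Return (major, minor, micro, patch) from a version banner or a bare X.Y.Z-P string."""
    m = _BANNER_RE.search(text) or _BARE_RE.fullmatch(text)
    if not m:
        raise ValueError("no ImageMagick version found in %r" % text)
    # Compare as integers: as strings, "7.0.10-5" would sort before "7.0.9-18".
    return tuple(int(g) for g in m.groups())


def classify(text):
    """Classify a version against the CVE-2020-27829 range from comment 1."""
    v = parse_version(text)
    if v[0] != 7:
        # The bug only states a range for the 7.x series.
        return "not-covered"
    if v < INTRODUCED:
        return "not-affected"
    if v < FIXED:
        return "affected"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    samples = [
        "Version: ImageMagick 7.0.9-17 Q16 x86_64",
        "Version: ImageMagick 7.0.10-45 Q16 x86_64",
        "Version: ImageMagick 7.0.10-46 Q16 x86_64",
        "Version: ImageMagick 6.9.11-60 Q16 x86_64",
    ]
    for banner in samples:
        print(classify(banner), "<-", banner)
```

Distribution packages can carry a backported fix under an older upstream version number, so check the package changelog before acting on an "affected" result.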