Bug 1187216 – VUL-0: CVE-2021-3596: ImageMagick: NULL pointer dereference in ReadSVGImage() in coders/svg.c

Bug 1187216 - (CVE-2021-3596) VUL-0: CVE-2021-3596: ImageMagick: NULL pointer dereference in ReadSVGImage() in coders/svg.c

(CVE-2021-3596)
Summary:	VUL-0: CVE-2021-3596: ImageMagick: NULL pointer dereference in ReadSVGImage()...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assigned To:	Petr Gajdos
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/301751/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-06-11 08:42 UTC by Gianluca Gabrielli
Modified:	2021-06-11 08:43 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gianluca Gabrielli 2021-06-11 08:42:28 UTC

A NULL pointer dereference was found in ImageMagick in ReadSVGImage() in coders/svg.c because it does not check the return value from libxml2's xmlCreatePushParserCtxt() and use the value directly which can lead to crash and segmentation fault. This flaw affects ImageMagick versions prior to 7.0.10.31.

Reference:
https://github.com/ImageMagick/ImageMagick/issues/2624

Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1970569
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3596

Comment 1 Gianluca Gabrielli 2021-06-11 08:43:01 UTC

None of our packages is affected.