Debian Bug report logs -
#870017
imagemagick: CVE-2017-12564: memory leak in mat file handler
Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Date: Fri, 28 Jul 2017 22:03:02 UTC
Severity: important
Tags: security, upstream
Found in versions imagemagick/8:6.8.9.9-5, imagemagick/8:6.7.7.10-5+deb7u14, imagemagick/8:6.9.7.4+dfsg-13, imagemagick/8:6.8.9.9-5+deb8u8, imagemagick/8:6.8.9.9-5+deb8u9
Fixed in version imagemagick/8:6.9.7.4+dfsg-14
Done: Bastien Roucariès <rouca@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://github.com/ImageMagick/ImageMagick/issues/601
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
:
Bug#870017
; Package src:imagemagick
.
(Fri, 28 Jul 2017 22:03:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
.
(Fri, 28 Jul 2017 22:03:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: team@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/601
In case of corrupted file, cloned image (temporarly image) should be freed
Marked as found in versions imagemagick/8:6.8.9.9-5+deb8u8.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Fri, 28 Jul 2017 22:03:04 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.8.9.9-5+deb8u9.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Fri, 28 Jul 2017 22:03:05 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.7.7.10-5+deb7u14.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org
.
(Fri, 28 Jul 2017 22:03:06 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from roucaries.bastien@gmail.com
to control@bugs.debian.org
.
(Fri, 28 Jul 2017 22:57:03 GMT) (full text, mbox, link).
Reply sent
to Bastien Roucariès <rouca@debian.org>
:
You have taken responsibility.
(Fri, 28 Jul 2017 23:21:20 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>
:
Bug acknowledged by developer.
(Fri, 28 Jul 2017 23:21:20 GMT) (full text, mbox, link).
Message #18 received at 870017-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-14
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 870017@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Jul 2017 00:51:39 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-14
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 869210 870012 870013 870014 870015 870016 870017 870019 870020 870021 870022 870023
Changes:
imagemagick (8:6.9.7.4+dfsg-14) unstable; urgency=high
.
* Security bugs:
+ assertion failed in DestroyImageInfo
A assertion failed in DestroyImageInfo, leading to DOS
(Closes: 870014)
+ CVE-2017-11523: endless loop in ReadTXTImage
If text image file only contains "MagickID..." line,
it will cause ReadTXTImage to infinite loop.
(Closes: #869210).
+ Memory leak in mat coder
Fix a memory leak in mat coder triggered by a special crafted file
(Closes: #870013).
+ Use of uninitialized data in ImageMagick/coders/mat.c
The coder accesses uninitialized data
which might pose a security issue or at least a bug. The first
undefined access happens within coders/mat.c:1196 in a call to
calcMinMax(). The back part of the buffer bImgBuff is now large enough
but does seemingly not contain any sensible data.
(Closes: #870012)
+ CVE-2017-11644
A special crafted file create a memory leak in MAT file coder.
The code need to free two buffer in some exceptionnal
circonstances, instead than just one is freed
(Closes: #870016)
+ Memory leak in mat coder
A special crafted file create a memory leak in MAT coder
(Closes: #870015)
+ Memory leak in mat coder
In case of corrupted file, cloned image (temporarly image) should be freed
(Closes: #870017)
+ assertion failed in DestroyImageInfo due to mat coder
(Closes: #870019)
+ assertion failed in DestroyImage due to mat coder
(Closes: #870020)
+ Memory leak in mat coder (upstream 617)
(Closes: #870021)
+ Memory leak in mat coder (upstream 616)
(Closes: #870022)
+ Memory leak in mat coder (upstream 616)
(Closes: #870023)
Checksums-Sha1:
75247a79b7b5eb82811ab73f0ec68908a4972d8d 5137 imagemagick_6.9.7.4+dfsg-14.dsc
c40fa968ca6680bda8ef2e322334ff200a04ada5 243764 imagemagick_6.9.7.4+dfsg-14.debian.tar.xz
3f089382844b041b9e05e540a7ab96671080be86 12823 imagemagick_6.9.7.4+dfsg-14_source.buildinfo
Checksums-Sha256:
14c3d43d4f5d7e2ab48eeaa17ce0b1f6101e41c865d21ff67d97eccff466b343 5137 imagemagick_6.9.7.4+dfsg-14.dsc
782073edb3619f224ced0cd0996b94ce8ee89d1440cac296de034163223949f4 243764 imagemagick_6.9.7.4+dfsg-14.debian.tar.xz
67f3fe40bd5beeedbe022e2c43d6ebc609a6a8cedeee226a0936200024244fab 12823 imagemagick_6.9.7.4+dfsg-14_source.buildinfo
Files:
6a3cd4a1a8b89dcaac1d2807d8413f0f 5137 graphics optional imagemagick_6.9.7.4+dfsg-14.dsc
f5344e2e44a79570fa428c92f9d1d8c3 243764 graphics optional imagemagick_6.9.7.4+dfsg-14.debian.tar.xz
d956b5b0e374aeea902e6e42f6533d2e 12823 graphics optional imagemagick_6.9.7.4+dfsg-14_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAll7w8kACgkQADoaLapB
CF/iQQ//V0fefamog0KyW+GQuzH9rdajUUJVI+y4vxUK+HJh4fgxlkhjzjXj3WIC
TXzglgwagy9YNuELARQ6xALs+h65F9tM/6YgjtzqFMVid7gG90HfFXn0ze+aoTpC
bnzb3w4KPaR5o0NYWw7yUtpTmXMkHGdsJDvpuFap4FEiqCu7vXMplx0gBDBDw3zT
ns0x10Th4E8naIlRMVE5HJiT+FCtS30XFb/PgUnKqoywwZ1/yXcNMZIGaKN1By9p
w2uoEAKjdIxW9vVc4BZkmpRRvO+ttnEIX4zaNrG4Z1yPYKGFcD6adG6B4ntIdHHA
pKn115s1LV0vxAQJME46Frv1YqxFDWzYrNZspGf9FAU3sNnFQq624od/ZxJidxju
UPVRtZ8JGH3vAPAHnvg8q56p5I/4h5KpPIq8CBvGhg1CAveNpvkjYyg2HOUI1mm3
Vod9GnCd3WdRbvf/PINYW44T5B3SLyqElIW9yFdpgzulM98PIhrQ57qk5AYAxFjF
7V5Zu1mmD0GVvOtszfPthT5umUjnf+UZAG7gFXoxWWNq91FtiXzmYkMJsfmrB2Wb
dIflVw65wrgAfVgh4jTa0OQRE2F7Gw+0o7Q6+UXrNBDh4uL+DTGI/36tFvACrYAb
ToEDev8hnZEv529pcznbbyLAPdeFsMy2hDgf0oH3Z6EMk6aFozM=
=br7e
-----END PGP SIGNATURE-----
Marked as found in versions imagemagick/8:6.8.9.9-5.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 29 Jul 2017 04:45:05 GMT) (full text, mbox, link).
Changed Bug title to 'imagemagick: CVE-2017-12564: memory leak in mat file handler' from 'memory leak in mat file handler'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 05 Aug 2017 21:21:09 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 03 Sep 2017 07:29:30 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:31:28 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.