Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

imagemagick: CVE-2019-17540: heap-based buffer overflow in ReadPSInfo in coders/ps.c

Related Vulnerabilities: CVE-2019-17540  

Source

Debian Bug report logs - #942578
imagemagick: CVE-2019-17540: heap-based buffer overflow in ReadPSInfo in coders/ps.c

version graph

Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>;

Reported by: Hugo Lefeuvre <hle@debian.org>

Date: Fri, 18 Oct 2019 12:33:02 UTC

Severity: important

Found in version imagemagick/8:6.9.10.23+dfsg-2.1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#942578; Package src:imagemagick. (Fri, 18 Oct 2019 12:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Hugo Lefeuvre <hle@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 18 Oct 2019 12:33:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Hugo Lefeuvre <hle@debian.org>
To: submit@bugs.debian.org
Subject: imagemagick: CVE-2019-17540: heap-based buffer overflow in ReadPSInfo in coders/ps.c
Date: Fri, 18 Oct 2019 14:31:15 +0200
[Message part 1 (text/plain, inline)]
Source: imagemagick
Version: 8:6.9.10.23+dfsg-2.1
Severity: important

Hi,

imagemagick is affected by CVE-2019-17540, a heap-based buffer overflow in
ReadPSInfo in coders/ps.c.

There are very few information online regarding this vulnerability. I had a
look and found the following four commits:

https://github.com/ImageMagick/ImageMagick/commit/668d6a970553a94b0a2e378afda1d37abac94b5c
https://github.com/ImageMagick/ImageMagick/commit/9667a9034a5eeedb30dfb18cfd1083ff32fd679b
https://github.com/ImageMagick/ImageMagick/commit/73dd03cfb57f8f8c0a732fa062b9966ec7bf2f91
https://github.com/ImageMagick/ImageMagick/commit/e868e227085463932c5db32e5e0f27e306a0eb95

this looks like what we are searching for; a buffer overflow WRITE of size
1 in ReadPSInfo. I will contact Dirk Lemstra and ask for more information.

regards,
Hugo

[0] https://security-tracker.debian.org/tracker/CVE-2019-17540

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Oct 18 16:47:52 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started