graphicsmagick: CVE-2017-15930: Null pointer dereference while transferring JPEG scanlines

Related Vulnerabilities: CVE-2017-15930  

Debian Bug report logs - #879999

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 28 Oct 2017 07:57:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version graphicsmagick/1.3.26-15

Fixed in version graphicsmagick/1.3.26-16

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://sourceforge.net/p/graphicsmagick/bugs/518/



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#879999; Package src:graphicsmagick. (Sat, 28 Oct 2017 07:57:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sat, 28 Oct 2017 07:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: graphicsmagick: CVE-2017-15930: Null pointer dereference while transferring JPEG scanlines
Date: Sat, 28 Oct 2017 09:52:34 +0200
Source: graphicsmagick
Version: 1.3.26-15
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/518/

Hi,

the following vulnerability was published for graphicsmagick.

CVE-2017-15930[0]:
| In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null
| Pointer Dereference occurs while transferring JPEG scanlines, related
| to a PixelPacket pointer.

While testing I was as well not able to reach the NULL pointer
dereference but made the same observation as Bob Friesenhahn, that
graphicsmagick spends a lot of time converting the image creating a huge
temporary file, in my case reaching no space left on /tmp and
aborting with

/usr/bin/gm convert: Unable to sync cache (check temporary file disk space) (null_pointer_ReadOneJNGImage) [No space left on device].

but looking at the code the issue looks present to be at least in
1.3.26-15. Possibly earlier, please adjust the affected versions as
needed in the BTS.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15930
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15930
[1] https://sourceforge.net/p/graphicsmagick/bugs/518/

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#879999; Package src:graphicsmagick. (Sat, 28 Oct 2017 14:36:03 GMT)


Acknowledgement sent to Bob Friesenhahn <bfriesen@simple.dallas.tx.us>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sat, 28 Oct 2017 14:36:03 GMT)


Message #10 received at 879999@bugs.debian.org:

From: Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
To: Salvatore Bonaccorso <carnil@debian.org>, 879999@bugs.debian.org
Subject: Re: Bug#879999: graphicsmagick: CVE-2017-15930: Null pointer dereference while transferring JPEG scanlines
Date: Sat, 28 Oct 2017 09:21:12 -0500 (CDT)

On Sat, 28 Oct 2017, Salvatore Bonaccorso wrote:
>
> While testing I was as well not able to reach the NULL pointer
> dereference but made the same observation as Bob Friesenhahn, that
> graphicsmagick spends a lot of time converting the image creating a huge
> temporary file, in my case reaching no space left on /tmp and
> aborting with

The null pointer dereference can be made to happen by applying a 
pixels resource limit.  Normally limits make things safer but in this 
case it causes an error which results in a null pointer.

The latest version of the code rejects the file supplied as being 
impossibly small given the pixel dimensions.

Bob
-- 
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
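
The failure mode described in the message above (a resource limit turning a row request into an error that the caller then dereferences), shown with the missing check in place. This is an added example, not GraphicsMagick code and not part of the original message: `Image`, `Pixel`, `get_row` and `transfer_scanlines` are hypothetical names, and the size check is a simplified analogue of rejecting input that is too small for its declared dimensions, not the upstream heuristic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not GraphicsMagick's API. */
typedef struct { uint8_t r, g, b; } Pixel;
typedef struct {
    size_t width, height;
    size_t pixel_limit;  /* cap on width*height, 0 = unlimited */
    Pixel *cache;        /* allocated on first row request */
} Image;

/* Returns a writable row, or NULL when the limit or allocation fails. */
static Pixel *get_row(Image *img, size_t y)
{
    if (img->width == 0 || y >= img->height) return NULL;
    if (img->height > SIZE_MAX / img->width) return NULL;
    if (img->pixel_limit && img->width * img->height > img->pixel_limit)
        return NULL;                       /* limit hit: an error, not a crash */
    if (img->cache == NULL)
        img->cache = calloc(img->width * img->height, sizeof(Pixel));
    return img->cache ? img->cache + y * img->width : NULL;
}

/* Copies decoded RGB scanlines into img. Returns 0 on success, -1 on error. */
int transfer_scanlines(Image *img, const uint8_t *rgb, size_t rgb_len)
{
    if (img->width == 0 || img->height == 0) return -1;
    if (img->height > SIZE_MAX / 3 / img->width) return -1;
    /* Reject input too small for the declared dimensions before allocating. */
    if (rgb_len < img->width * img->height * 3) return -1;
    for (size_t y = 0; y < img->height; y++) {
        Pixel *q = get_row(img, y);
        if (q == NULL) return -1;          /* the check this bug class lacks */
        const uint8_t *p = rgb + y * img->width * 3;
        for (size_t x = 0; x < img->width; x++, p += 3)
            q[x] = (Pixel){ p[0], p[1], p[2] };
    }
    return 0;
}

int main(void)
{
    uint8_t rgb[2 * 2 * 3] = {0};          /* constructed 2x2 sample */
    Image limited = { 2, 2, 3, NULL };     /* limit of 3 pixels < 4 needed */
    printf("limited: %d\n", transfer_scanlines(&limited, rgb, sizeof rgb));
    return 0;
}
```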



Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sat, 28 Oct 2017 20:54:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 28 Oct 2017 20:54:07 GMT)


Message #15 received at 879999-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 879999-close@bugs.debian.org
Subject: Bug#879999: fixed in graphicsmagick 1.3.26-16
Date: Sat, 28 Oct 2017 20:50:38 +0000
Source: graphicsmagick
Source-Version: 1.3.26-16

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879999@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 28 Oct 2017 17:54:09 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.26-16
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 879999
Changes:
 graphicsmagick (1.3.26-16) unstable; urgency=high
 .
   * Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG
     scanlines (closes: #879999).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 13 Dec 2017 07:33:14 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:53:46 2019; Machine Name: beach
