Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-12433

Source

Debian Bug report logs - #872481
imagemagick: CVE-2017-12433

Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 17 Aug 2017 19:36:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version imagemagick/8:6.9.7.4+dfsg-16

Fixed in version 8:6.9.9.6+dfsg-1

Done: Bastien ROUCARIES <roucaries.bastien@gmail.com>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/ImageMagick/ImageMagick/issues/548

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#872481; Package src:imagemagick. (Thu, 17 Aug 2017 19:36:03 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Thu, 17 Aug 2017 19:36:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: imagemagick
Version: 8:6.9.7.4+dfsg-16
Severity: grave
Tags: security
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/548

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-12433[0]:
| In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the
| function ReadPESImage in coders/pes.c, which allows attackers to cause
| a denial of service, related to ResizeMagickMemory in memory.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12433
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12433
[1] https://github.com/ImageMagick/ImageMagick/issues/548

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#872481; Package src:imagemagick. (Thu, 17 Aug 2017 19:45:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Thu, 17 Aug 2017 19:45:04 GMT) (full text, mbox, link).

Message #10 received at 872481@bugs.debian.org (full text, mbox, reply):

Control: severity -1 important
Control: tags -1 upstream fixed-upstream

On Thu, Aug 17, 2017 at 09:33:18PM +0200, Salvatore Bonaccorso wrote:
> Source: imagemagick
> Version: 8:6.9.7.4+dfsg-16
> Severity: grave
> Tags: security

Something went wrong when submitting the report.

Regards,
Salvatore

Severity set to 'important' from 'grave' Request was from Salvatore Bonaccorso <carnil@debian.org> to 872481-submit@bugs.debian.org. (Thu, 17 Aug 2017 19:45:04 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to 872481-submit@bugs.debian.org. (Thu, 17 Aug 2017 19:45:05 GMT) (full text, mbox, link).

Reply sent to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
You have taken responsibility. (Thu, 08 Feb 2018 12:36:03 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 08 Feb 2018 12:36:03 GMT) (full text, mbox, link).

Message #19 received at 872481-done@bugs.debian.org (full text, mbox, reply):

version: 8:6.9.9.6+dfsg-1

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 13 Mar 2018 07:37:21 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:28:50 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

imagemagick: CVE-2017-12433

Debian Bug report logs - #872481
imagemagick: CVE-2017-12433

Vulmon Search

About

Products

Connect

imagemagick: CVE-2017-12433

Debian Bug report logs - #872481 imagemagick: CVE-2017-12433

Vulmon Search

About

Products

Connect

Debian Bug report logs - #872481
imagemagick: CVE-2017-12433