graphicsmagick: CVE-2018-9018

Debian Bug report logs - #894396
graphicsmagick: CVE-2018-9018

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: graphicsmagick: CVE-2018-9018

Date: Thu, 29 Mar 2018 21:28:49 +0200

Source: graphicsmagick
Version: 1.3.28-1
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/554/
Control: found -1 1.3.20-3

Hi,

The following vulnerability was published for graphicsmagick:

CVE-2018-9018[0]:
| In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage
| function of coders/png.c. Remote attackers could leverage this
| vulnerability to cause a crash and denial of service via a crafted mng
| file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-9018
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9018
[1] https://sourceforge.net/p/graphicsmagick/bugs/554/
[2] http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee

Regards,
Salvatore

Message #12 received at 894396-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>

To: 894396-close@bugs.debian.org

Subject: Bug#894396: fixed in graphicsmagick 1.3.28-2

Date: Sat, 31 Mar 2018 19:49:47 +0000

Source: graphicsmagick
Source-Version: 1.3.28-2

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 894396@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 31 Mar 2018 11:05:51 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.28-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 894396
Changes:
 graphicsmagick (1.3.28-2) unstable; urgency=high
 .
   * Backport security fixes:
     - don't use rescale map if it was not allocated,
     - validate number of colormap bits to avoid undefined shift behavior,
     - defend against partial scanf() expression matching, resulting in benign
       use of uninitialized data,
     - don't use rescale map if it was not allocated,
     - fix tile index overflow,
     - reject XPM if it contains non-whitespace control characters,
     - fix forged amount of frames 6755,
     - validate header length and offset properties,
     - fixed memory leak when tile overflows,
     - fix forged amount of frames 7076,
     - check for forged image that overflows file size,
     - validate size request prior to allocation,
     - validate that file size is sufficient for claimed image properties,
     - fix signed integer overflow when computing pixels size,
     - include number of FITS scenes in file size validations,
     - allocate space for null termination and null terminate string,
     - validate that samples per pixel is in valid range,
     - check whether datablock is really read,
     - verify that sufficient backing data exists before allocating memory to
       read it,
     - duplicate image check for data with fixed geometry,
     - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
       changed while ticks_per_second is zero (closes: #894396),
     - add checks for EOF,
     - validate that PICT rectangles do not have zero dimensions,
     - check image pixel limits before allocating memory for tile.
   * Backport patch to redesign ReadBlobDwordLSB() to be more effective.
   * Backport patch to destroy tile_image in ThrowPICTReaderException() macro
     to simplify logic.
   * Backport patch to remove shadowed tile_image variable which defeats new
     ThrowPICTReaderException() implementation.
Checksums-Sha1:
 b4464f9bb498db098b59ffe96b5f94326ad8b6a6 2797 graphicsmagick_1.3.28-2.dsc
 390f37f53838d700b397d0fd3174dceec71275ef 160056 graphicsmagick_1.3.28-2.debian.tar.xz
 9d3624bf6db0d0cc006740f14d17b6663dfb02d3 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
 bcc6d1b28d96b3e5fc63d8a894dd9b78bb60d11c 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
 78d757c30b9460f877ccd612807f4e3e75ebf968 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
 45f233716d8a6b12ad8f6c14c78b47740d968050 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
 a71ef0ec9b263e03bdf9e977452f7d727ffa4b38 877600 graphicsmagick_1.3.28-2_amd64.deb
 04f107a3b1d27c769dc8794bf8c89f0c0c46b514 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
 ca4a7e860412653bad1921b1642bdf9d336fbced 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
 1f2ccbfd746b763458c32f56f61ad96b030cd802 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
 108c430f75d23f7491a71d2dadb089756d0e16cd 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
 c84f5a0d29a038fc6e9c25560a9cf5c7b1a5f912 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Checksums-Sha256:
 0671ceead3d4f720a8a2ce4e1647ebb17f6933d5f7cbaf10b707260c6c61a25a 2797 graphicsmagick_1.3.28-2.dsc
 68f6349179985aa130e2b0794649f1c5d0574fd12cc97bb801d9743c6362c234 160056 graphicsmagick_1.3.28-2.debian.tar.xz
 ebc581df0c76be14e4815c70e687ac3ff1f2222c1c8bbb20002325b6da371895 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
 823d6a690a68a2700745cee17dadc063139d1c0a54e0fbb3ce9755fadb84b618 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
 599d1eb3b37d596b947d828c2db1b9edf7bb57bef371f03b0d2326568ee6dbc4 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
 c0813c138faa251426b36f74a1ac14b19188889c83e40df0cf177a4d3be2fd7d 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
 9e64bb3e3be5dc7a39f152aa372e014b974a1c2ff87e0e8ecb2a837da28f7748 877600 graphicsmagick_1.3.28-2_amd64.deb
 42965ddab07a9ceea9779b2f2ddcffb3d273ef1973e379c0727204062231470c 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
 3027039592618d4e78f534136a8fbf0b0f51f10fce2b8f25737987fab09bc5f5 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
 0c4f399b0410ba5b0b5b3ae1e9349d3c45a045f41d90563920921334c2a37df0 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
 198cbd30ba820ae361d1cf195fe8049338d4e677812206d14f201a6568103e19 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
 78a93c82b88bcc6754de2e3821be7bbabe61b22cc8c7446bc55025f20e7e77b8 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Files:
 250731224a0493bcd1e5a53ea2ca908f 2797 graphics optional graphicsmagick_1.3.28-2.dsc
 865c0b168fd1e45e0c13139d2437396c 160056 graphics optional graphicsmagick_1.3.28-2.debian.tar.xz
 78bfead8e742260ed8f14e935f7fb43e 3191296 debug optional graphicsmagick-dbg_1.3.28-2_amd64.deb
 031d7c23a0e4ae52f626ebc2ce3886a9 23628 graphics optional graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
 f1c0cc0318a2aa508969cfbeecd31171 27064 graphics optional graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
 04441f7f28a4bb74825ef0be365b67f1 11585 graphics optional graphicsmagick_1.3.28-2_amd64.buildinfo
 eb1c0ed1b7b7c095d0b18c3b7ab849e6 877600 graphics optional graphicsmagick_1.3.28-2_amd64.deb
 5f5d3491df50a87cb4d98c563291cac4 70404 perl optional libgraphics-magick-perl_1.3.28-2_amd64.deb
 bfeea401156b22be0cff51de90338168 118268 libs optional libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
 89a42fbc27d6f059824331eb048c3a21 303072 libdevel optional libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
 af2312352800d2ec18e57fd08db412f0 1120000 libs optional libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
 789039bad9d157b18223c74e693f524b 1345600 libdevel optional libgraphicsmagick1-dev_1.3.28-2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlq/4nkACgkQ3OMQ54ZM
yL+G5Q//T83yQyWAoqyNXQjc86frf4CPl5w2DbUpBE0lCQTLm5ifFEZusFvqfOod
7x11jbq/c5X7baqEGK6+UdCBs5uRusM6juNmo8hFLkdMKHK09u832jE4tLN3JtIm
tWv1S+2hTFiDdhlLImRfcAGDQIW2AemolVTvK9pu8fNglXj6Ftrmb3LlmV1RsUA/
lQBbRpg8a5GlOjk9+tmcpD7d0U/fMXHr9ndrbqDmJdRVfLhMDnzl1v9HwJykeb/A
FY8Lxdz5D6IBv0O1jK1C72gZlBY5JogiXQsuvEXGzxwReinwszmbhgl1eyMYSbO4
uz2DK8/95xHFIGzndt5rNcbEwv/NFDmdciA2sAPYKsPSVg7WEJe/Br/DFsLx4mxc
3XSuq+8rWFlL6/Y+dhVDYwtSO3UPxB4BQgaLWqx1qyEk+nPokffBlG8gA72DbACz
zMQkSG+MfZsY5uF7d/ZVN3n4GuTBhM2LMd3dW3k/6fBj+eAUlW+400tvksbpMHPf
NXUJbWW4nTqkLBh46WZonVDug80/q7ElguCCV3HgrZkzhmlxSUQ4nSB859EkITmc
p4GTSkrmeWGNs61i2SXoKRMEHSs/ml17dKwJQnuHhAwa7xyAkT15E2Ux7BjHAPOi
RoxMOLe+AvFSLwB8lYD/VD6R2+0e6C3Amv1Bi7QSO3OC9fXrZyM=
=Wuxa
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.