Debian Bug report logs - #444266
CVE-2007-4985, CVE-2007-4986, CVE-2007-4988 multiple vulnerabilities
Reported by: Nico Golde <nion@debian.org>
Date: Thu, 27 Sep 2007 11:15:02 UTC
Severity: grave
Tags: security
Fixed in version graphicsmagick/1.1.11-1
Done: Daniel Kobras <kobras@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>: Bug#444266; Package graphicsmagick.
Acknowledgement sent to Nico Golde <nion@debian.org>: New Bug report received and forwarded. Copy sent to Daniel Kobras <kobras@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: graphicsmagick
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for graphicsmagick.
CVE-2007-4985[0]:
| ImageMagick before 6.3.5-9 allows context-dependent attackers to cause
| a denial of service via a crafted image file that triggers (1) an
| infinite loop in the ReadDCMImage function, related to ReadBlobByte
| function calls; or (2) an infinite loop in the ReadXCFImage function,
| related to ReadBlobMSBLong function calls.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
Since this could happen in for example an automatic image
upload web service I set the severity to grave.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>: Bug#444266; Package graphicsmagick.
Acknowledgement sent to Nico Golde <nion@debian.org>: Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>.
Message #10 received at 444266@bugs.debian.org:
retitle 444267 CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 multiple vulnerabilities
retitle 444266 CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 multiple vulnerabilities
thanks
Hi,
and 3 more vulnerabilities:
CVE-2007-4986[0]:
| Multiple integer overflows in ImageMagick before 6.3.5-9
| allow context-dependent attackers to execute arbitrary code
| via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5)
| .xwd image file, which triggers a heap-based buffer
| overflow.
CVE-2007-4987[1]:
| Off-by-one error in the ReadBlobString function in blob.c in
| ImageMagick before 6.3.5-9 allows context-dependent
| attackers to execute arbitrary code via a crafted image
| file, which triggers the writing of a '\0' character to an
| out-of-bounds address.
CVE-2007-4988[2]:
| Sign extension error in the ReadDIBImage function in
| ImageMagick before 6.3.5-9 allows context-dependent
| attackers to execute arbitrary code via a crafted width
| value in an image file, which triggers an integer overflow
| and a heap-based buffer overflow.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
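The failure mode named in the CVE-2007-4988 and CVE-2007-4986 descriptions above (a signed header field widened into unsigned size arithmetic that then wraps), shown beside a hardened form. This is an added C illustration, not code from this bug log, GraphicsMagick or ImageMagick; the 16-bit width field, the 32-bit arithmetic, the function names and the size cap are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration, not GraphicsMagick/ImageMagick source.
 * Assumed: 16-bit signed header fields, 32-bit size arithmetic. */
#define MAX_PIXEL_BYTES ((uint64_t)256 * 1024 * 1024) /* assumed policy cap */

/* Unchecked sizing: signed fields are widened straight into unsigned math. */
static uint32_t dib_size_unchecked(int16_t width, int16_t height, uint32_t bpp)
{
    uint32_t w = (uint32_t)width;   /* sign extension: -1 becomes 0xFFFFFFFF */
    uint32_t h = (uint32_t)height;
    uint32_t row = 4u * ((w * bpp + 31u) / 32u); /* wraps modulo 2^32 */
    return row * h;                 /* may wrap again */
}

/* Hardened sizing: validate the signed values first, then compute in 64 bits.
 * Returns 0 and stores the byte count, or -1 if the header must be rejected. */
static int dib_size_checked(int16_t width, int16_t height, uint32_t bpp,
                            size_t *out)
{
    if (width <= 0 || height <= 0)
        return -1;                  /* reject before any widening */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return -1;
    uint64_t row = 4u * (((uint64_t)width * bpp + 31u) / 32u);
    uint64_t total = row * (uint64_t)height;
    if (total > MAX_PIXEL_BYTES)    /* cap is far below SIZE_MAX */
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: width -1, height 16, 8 bits per pixel. */
    printf("unchecked: %u bytes\n", (unsigned)dib_size_unchecked(-1, 16, 8));
    printf("checked:   %d\n", dib_size_checked(-1, 16, 8, &n));
    if (dib_size_checked(640, 480, 24, &n) == 0)
        printf("640x480x24: %zu bytes\n", n);
    return 0;
}
```

With the constructed header the unchecked routine sizes the buffer at 0 bytes while any later loop that still trusts the 0xFFFFFFFF width would run far past it; the checked routine rejects the header before allocation.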
Changed Bug title to `CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 multiple vulnerabilities' from `CVE-2007-4985 possible infinite loop in ReadXCFImage and ReadDCMImage'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org (Thu, 27 Sep 2007 11:24:08 GMT).
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#444266; Package graphicsmagick.
Acknowledgement sent to Daniel Kobras <kobras@debian.org>: Extra info received and forwarded to list.
Message #17 received at 444266@bugs.debian.org:
retitle 444266 CVE-2007-4985, CVE-2007-4986, CVE-2007-4988 multiple vulnerabilities
thanks
Hi!
I've removed CVE-2007-4987 from the bug title, as it only applies to
imagemagick, but not to graphicsmagick. Graphicsmagick upstream is
already working on fixes for the other vulnerabilities.
Regards,
Daniel.
Changed Bug title to `CVE-2007-4985, CVE-2007-4986, CVE-2007-4988 multiple vulnerabilities' from `CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 multiple vulnerabilities'. Request was from Daniel Kobras <kobras@debian.org> to control@bugs.debian.org (Thu, 27 Sep 2007 20:12:07 GMT).
Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>: Bug#444266; Package graphicsmagick.
Acknowledgement sent to Nico Golde <nion@debian.org>: Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>.
Message #24 received at 444266@bugs.debian.org:
Hi,
* Daniel Kobras <kobras@debian.org> [2007-09-27 23:36]:
> I've removed CVE-2007-4987 from the bug title, as it only applies to
> imagemagick, but not to graphicsmagick. Graphicsmagick upstream is
> already working on fixes for the other vulnerabilities.
Great thanks! Marked this in the security tracker.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>: Bug#444266; Package graphicsmagick.
Acknowledgement sent to Nico Golde <nion@debian.org>: Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>.
Message #29 received at 444266@bugs.debian.org:
Hi,
just wanted to let you know that for imagemagick there are
patches on:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444267#17
Maybe they help you as well.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#444266; Package graphicsmagick.
Acknowledgement sent to Daniel Kobras <kobras@debian.org>: Extra info received and forwarded to list.
Message #34 received at 444266@bugs.debian.org:
On Sat, Sep 29, 2007 at 11:42:12PM +0200, Nico Golde wrote:
> just wanted to let you know that for imagemagick there are
> patches on:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444267#17
> Maybe they help you as well.
Thanks. I'm co-maintaining imagemagick as well so have already been
aware of the patches. Mind though that they contain a few bugs and
need some tweaking. Also, licensing between imagemagick and
graphicsmagick is subtly different, which means that importing
imagemagick code into graphicsmagick is not allowed (there's no problem
in the other direction). It's problematic here as these upstream-derived
patches contain not only small changes, but new API function.
Regards,
Daniel.
Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kobras <kobras@debian.org>: Bug#444266; Package graphicsmagick.
Acknowledgement sent to Nico Golde <nion@debian.org>: Extra info received and forwarded to list. Copy sent to Daniel Kobras <kobras@debian.org>.
Message #39 received at 444266@bugs.debian.org:
* Daniel Kobras <kobras@debian.org> [2007-09-30 13:39]:
> On Sat, Sep 29, 2007 at 11:42:12PM +0200, Nico Golde wrote:
> > just wanted to let you know that for imagemagick there are
> > patches on:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444267#17
> > Maybe they help you as well.
>
> Thanks. I'm co-maintaining imagemagick as well so have already been
> aware of the patches. Mind though that they contain a few bugs and
> need some tweaking. Also, licensing between imagemagick and
> graphicsmagick is subtly different, which means that importing
> imagemagick code into graphicsmagick is not allowed (there's no problem
> in the other direction). It's problematic here as these upstream-derived
> patches contain not only small changes, but new API function.
What is the current status of this one?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Reply sent to Daniel Kobras <kobras@debian.org>: You have taken responsibility.
Notification sent to Nico Golde <nion@debian.org>: Bug acknowledged by developer.
Message #44 received at 444266-close@bugs.debian.org:
Source: graphicsmagick
Source-Version: 1.1.11-1
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive:
graphicsmagick-dbg_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-1_amd64.deb
graphicsmagick-imagemagick-compat_1.1.11-1_all.deb
to pool/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.1.11-1_all.deb
graphicsmagick-libmagick-dev-compat_1.1.11-1_all.deb
to pool/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.1.11-1_all.deb
graphicsmagick_1.1.11-1.diff.gz
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-1.diff.gz
graphicsmagick_1.1.11-1.dsc
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-1.dsc
graphicsmagick_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11-1_amd64.deb
graphicsmagick_1.1.11.orig.tar.gz
to pool/main/g/graphicsmagick/graphicsmagick_1.1.11.orig.tar.gz
libgraphics-magick-perl_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-1_amd64.deb
libgraphicsmagick++1-dev_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-1_amd64.deb
libgraphicsmagick++1_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-1_amd64.deb
libgraphicsmagick1-dev_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-1_amd64.deb
libgraphicsmagick1_1.1.11-1_amd64.deb
to pool/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 444266@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kobras <kobras@debian.org> (supplier of updated graphicsmagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 26 Feb 2008 21:33:02 +0100
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick1 libgraphicsmagick1-dev libgraphicsmagick++1 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.1.11-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kobras <kobras@debian.org>
Changed-By: Daniel Kobras <kobras@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++1 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick1 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 444266 462113
Changes:
graphicsmagick (1.1.11-1) unstable; urgency=medium
.
  * New upstream version, containing multiple security fixes. Closes: #444266
    + Fixes denial-of-service via malicious DCM and XCF files. (CVE-2007-4985)
    + Fixes integer overflows in multiple coders. (CVE-2007-4986)
    + Fixes sign extension error when reading DIB images. (CVE-2007-4988)
    + For reference, GraphicsMagick was not affected by an off-by-one error
      in ImageMagick's ReadBlobString() function. (CVE-2007-4987)
  * Magick++/lib/Geometry.cpp: Add missing cstring include to fix build with
    gcc 4.3. Closes: #462113
  * utilities/gm.1: Fix formatting errors in man page gm(1).
  * debian/control: Packages comply with version 3.7.3 of Debian policy.
  * debian/graphicsmagick.menu: Move section of gm utility from obsolete
    section 'Apps' to current 'Applications'.
Files:
493f58f8c67e47fd8dc705873a912ac6 1072 graphics optional graphicsmagick_1.1.11-1.dsc
16a032350a153d822ac07cae01961a91 6046139 graphics optional graphicsmagick_1.1.11.orig.tar.gz
1aa844828aa04c2c99b7fd001a436b0c 134429 graphics optional graphicsmagick_1.1.11-1.diff.gz
4ea93969f20205de4763b961649867e5 951392 graphics optional graphicsmagick_1.1.11-1_amd64.deb
5be4465724c1c54dd85bdddb3c63833c 1217400 libs optional libgraphicsmagick1_1.1.11-1_amd64.deb
86b220c97a3c3df59aa2730a6d211044 1589496 libdevel optional libgraphicsmagick1-dev_1.1.11-1_amd64.deb
a8863f05224b0b48db5fb6c638223af3 260414 libs optional libgraphicsmagick++1_1.1.11-1_amd64.deb
e391665f10a582956b36d69d90c477ed 543848 libdevel optional libgraphicsmagick++1-dev_1.1.11-1_amd64.deb
9cbd830876202c8de60983eb5f38b2f3 165340 perl optional libgraphics-magick-perl_1.1.11-1_amd64.deb
44899ed3a3865f45973b2a99a58afa5f 1460764 graphics extra graphicsmagick-dbg_1.1.11-1_amd64.deb
850c0ba36f954d148a0617a056cb10bc 11806 graphics extra graphicsmagick-imagemagick-compat_1.1.11-1_all.deb
9f15ea71ff95fbc2d8b2be8021911711 15336 graphics extra graphicsmagick-libmagick-dev-compat_1.1.11-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHxJcXpOKIA4m/fisRAr6TAKC4Y/3447qIvNB+874vHNbB0f8qZACcCyIQ
P79IzNAHvXRNzbe7O8N3onM=
=74TW
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org (Mon, 16 Mar 2009 09:42:58 GMT).
Last modified: Wed Jun 19 18:41:12 2019