Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-12428

Source

Debian Bug report logs - #869713
imagemagick: CVE-2017-12428: memory leak in CloneDrawInfo

Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>;

Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com>

Date: Tue, 25 Jul 2017 20:45:02 UTC

Severity: important

Tags: security, upstream

Found in version imagemagick/8:6.8.9.9-5

Fixed in version imagemagick/8:6.9.7.4+dfsg-13

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/ImageMagick/ImageMagick/issues/544

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, unknown-package@qa.debian.org:
Bug#869713; Package src:src:imagemagick. (Tue, 25 Jul 2017 20:45:04 GMT) (full text, mbox, link).

Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, unknown-package@qa.debian.org. (Tue, 25 Jul 2017 20:45:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security upstream
X-Debbugs-CC: team@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://github.com/ImageMagick/ImageMagick/issues/544

The function CloneDrawInfo in draw.c allows attackers to cause a
denial of service (memory leak) via a crafted file.

Marked as found in versions src:imagemagick/8:6.8.9.9-5+deb8u8. Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com> to submit@bugs.debian.org. (Tue, 25 Jul 2017 20:45:04 GMT) (full text, mbox, link).

Marked as found in versions src:imagemagick/8:6.8.9.9-5+deb8u9. Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com> to submit@bugs.debian.org. (Tue, 25 Jul 2017 20:45:04 GMT) (full text, mbox, link).

Marked as found in versions src:imagemagick/8:6.7.7.10-5+deb7u14. Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com> to submit@bugs.debian.org. (Tue, 25 Jul 2017 20:45:05 GMT) (full text, mbox, link).

Marked as found in versions src:imagemagick/8:6.7.7.10-5+deb7u4. Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com> to submit@bugs.debian.org. (Tue, 25 Jul 2017 20:45:06 GMT) (full text, mbox, link).

Bug reassigned from package 'src:src:imagemagick' to 'src:imagemagick'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 26 Jul 2017 04:15:02 GMT) (full text, mbox, link).

No longer marked as found in versions src:imagemagick/8:6.8.9.9-5+deb8u9, src:imagemagick/8:6.7.7.10-5+deb7u14, imagemagick/8:6.9.7.4+dfsg-11, src:imagemagick/8:6.8.9.9-5+deb8u8, and src:imagemagick/8:6.7.7.10-5+deb7u4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 26 Jul 2017 04:15:03 GMT) (full text, mbox, link).

Marked as found in versions imagemagick/8:6.8.9.9-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 26 Jul 2017 04:15:04 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#869713; Package src:imagemagick. (Fri, 28 Jul 2017 21:24:02 GMT) (full text, mbox, link).

Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Fri, 28 Jul 2017 21:24:02 GMT) (full text, mbox, link).

Message #24 received at 869713@bugs.debian.org (full text, mbox, reply):

version: 8:6.9.7.4+dfsg-13


Patch queue contain:
commit 68ec95456c0bf6335579285341493c47f07b32f8
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Thu Jul 6 06:13:54 2017 -0400

    wmf file memory leak in CloneDrawInfo

    The function CloneDrawInfo in draw.c allows attackers to cause a
    denial of service (memory leak) via a crafted file.

    bug: https://github.com/ImageMagick/ImageMagick/issues/544
    bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869713.
    origin: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277

    (cherry picked from commit f37d26336bf13737db45e556c25fc098f8a8b277)

Information forwarded to debian-bugs-dist@lists.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#869713; Package src:imagemagick. (Sat, 29 Jul 2017 03:03:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>. (Sat, 29 Jul 2017 03:03:05 GMT) (full text, mbox, link).

Message #29 received at 869713@bugs.debian.org (full text, mbox, reply):

Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-13

On Fri, Jul 28, 2017 at 11:20:30PM +0200, Bastien ROUCARIES wrote:
> version: 8:6.9.7.4+dfsg-13
> 
> 
> Patch queue contain:
> commit 68ec95456c0bf6335579285341493c47f07b32f8
> Author: Cristy <urban-warrior@imagemagick.org>
> Date:   Thu Jul 6 06:13:54 2017 -0400
> 
>     wmf file memory leak in CloneDrawInfo
> 
>     The function CloneDrawInfo in draw.c allows attackers to cause a
>     denial of service (memory leak) via a crafted file.
> 
>     bug: https://github.com/ImageMagick/ImageMagick/issues/544
>     bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869713.
>     origin: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277
> 
>     (cherry picked from commit f37d26336bf13737db45e556c25fc098f8a8b277)

Indeed, closing with that version.

Regards,
Salvatore

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 29 Jul 2017 03:03:07 GMT) (full text, mbox, link).

Notification sent to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
Bug acknowledged by developer. (Sat, 29 Jul 2017 03:03:07 GMT) (full text, mbox, link).

Changed Bug title to 'imagemagick: CVE-2017-12428: memory leak in CloneDrawInfo' from '[imagemagick] memory leak in CloneDrawInfo #544'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 04 Aug 2017 21:27:03 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Sep 2017 07:28:25 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:55:38 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

imagemagick: CVE-2017-12428: memory leak in CloneDrawInfo

Debian Bug report logs - #869713
imagemagick: CVE-2017-12428: memory leak in CloneDrawInfo

Vulmon Search

About

Products

Connect

imagemagick: CVE-2017-12428: memory leak in CloneDrawInfo

Debian Bug report logs - #869713 imagemagick: CVE-2017-12428: memory leak in CloneDrawInfo

Vulmon Search

About

Products

Connect

Debian Bug report logs - #869713
imagemagick: CVE-2017-12428: memory leak in CloneDrawInfo