Debian Bug report logs -
#870108
imagemagick: CVE-2017-12641
Reported by: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Date: Sat, 29 Jul 2017 20:45:01 UTC
Severity: important
Tags: security, upstream
Found in versions imagemagick/8:6.8.9.9-5+deb8u8, imagemagick/8:6.9.7.4+dfsg-13, imagemagick/8:6.7.7.10-5+deb7u14, imagemagick/8:6.7.7.10-5+deb9u1, imagemagick/8:6.8.9.9-5+deb8u9
Fixed in version imagemagick/8:6.9.7.4+dfsg-15
Done: Bastien Roucariès <rouca@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://github.com/ImageMagick/ImageMagick/issues/550
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>:
Bug#870108; Package src:imagemagick.
(Sat, 29 Jul 2017 20:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>.
(Sat, 29 Jul 2017 20:45:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: team@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb9u1
forwarded:https://github.com/ImageMagick/ImageMagick/issues/550
Version: ImageMagick 7.0.6-1 Q16 x86_64
#./magick identify $FILE
=================================================================
==32637==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d5b9db9 in AcquireImage image.c:169:19
#3 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#4 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#5 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#6 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#7 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#8 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#9 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#10 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#11 0x514f77 in MagickMain magick.c:151:10
#12 0x5149d1 in main magick.c:263:10
#13 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Direct leak of 13024 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8dc4739f in ReadOneJNGImage png.c:4477:39
#3 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#4 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#5 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#6 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#7 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#8 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#9 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#10 0x514f77 in MagickMain magick.c:151:10
#11 0x5149d1 in main magick.c:263:10
#12 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d5be753 in AcquireImageInfo image.c:347:28
#3 0x7fbe8d5c78c3 in CloneImageInfo image.c:952:14
#4 0x7fbe8d5be688 in SyncImageSettings image.c:4051:21
#5 0x7fbe8d5bbe88 in AcquireImage image.c:290:10
#6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#14 0x514f77 in MagickMain magick.c:151:10
#15 0x5149d1 in main magick.c:263:10
#16 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
#3 0x7fbe8d3891e4 in AcquirePixelCache cache.c:195:28
#4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
#5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#13 0x514f77 in MagickMain magick.c:151:10
#14 0x5149d1 in main magick.c:263:10
#15 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 512 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
#3 0x7fbe8d64a44a in AcquirePixelChannelMap pixel.c:101:35
#4 0x7fbe8d5ba77b in AcquireImage image.c:208:22
#5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#13 0x514f77 in MagickMain magick.c:151:10
#14 0x5149d1 in main magick.c:263:10
#15 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 280 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d367dfd in CloneBlobInfo blob.c:504:27
#3 0x7fbe8d5ba7d1 in AcquireImage image.c:209:15
#4 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#5 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#6 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#7 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#8 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#9 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#10 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#11 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#12 0x514f77 in MagickMain magick.c:151:10
#13 0x5149d1 in main magick.c:263:10
#14 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10
#2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10
#3 0x7fbe8d389ca4 in AcquirePixelCacheNexus cache.c:268:31
#4 0x7fbe8d389704 in AcquirePixelCache cache.c:211:26
#5 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
#6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#14 0x514f77 in MagickMain magick.c:151:10
#15 0x5149d1 in main magick.c:263:10
#16 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
#1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7fbe8d5ba935 in AcquireImage image.c:213:20
#4 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#5 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#6 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#7 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#8 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#9 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#10 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#11 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#12 0x514f77 in MagickMain magick.c:151:10
#13 0x5149d1 in main magick.c:263:10
#14 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
#1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7fbe8d3899c3 in AcquirePixelCache cache.c:226:25
#4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
#5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#13 0x514f77 in MagickMain magick.c:151:10
#14 0x5149d1 in main magick.c:263:10
#15 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
#1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7fbe8d368bf7 in GetBlobInfo blob.c:1414:24
#4 0x7fbe8d367eec in CloneBlobInfo blob.c:507:3
#5 0x7fbe8d5ba7d1 in AcquireImage image.c:209:15
#6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#14 0x514f77 in MagickMain magick.c:151:10
#15 0x5149d1 in main magick.c:263:10
#16 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
#1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7fbe8d389a52 in AcquirePixelCache cache.c:228:30
#4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
#5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#13 0x514f77 in MagickMain magick.c:151:10
#14 0x5149d1 in main magick.c:263:10
#15 0x7fbe87456f44 in __libc_start_main libc-start.c:287
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142
#1 0x7fbe8d60adb2 in AcquireAlignedMemory memory.c:261:7
#2 0x7fbe8d389bae in AcquirePixelCacheNexus cache.c:264:29
#3 0x7fbe8d389704 in AcquirePixelCache cache.c:211:26
#4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16
#5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21
#6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9
#7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13
#8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9
#9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9
#10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10
#11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18
#12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14
#13 0x514f77 in MagickMain magick.c:151:10
#14 0x5149d1 in main magick.c:263:10
#15 0x7fbe87456f44 in __libc_start_main libc-start.c:287
SUMMARY: AddressSanitizer: 49832 byte(s) leaked in 12 allocation(s).
testcase: https://github.com/jgj212/poc/blob/master/leak-ReadOneJNGImage
Credit : ADLab of Venustech
Marked as found in versions imagemagick/8:6.8.9.9-5+deb8u8.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org.
(Sat, 29 Jul 2017 20:45:04 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.8.9.9-5+deb8u9.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org.
(Sat, 29 Jul 2017 20:45:05 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.7.7.10-5+deb7u14.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org.
(Sat, 29 Jul 2017 20:45:06 GMT) (full text, mbox, link).
Marked as found in versions imagemagick/8:6.7.7.10-5+deb9u1.
Request was from Bastien ROUCARIES <roucaries.bastien@gmail.com>
to submit@bugs.debian.org.
(Sat, 29 Jul 2017 20:45:06 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from roucaries.bastien@gmail.com
to control@bugs.debian.org.
(Sat, 29 Jul 2017 21:18:04 GMT) (full text, mbox, link).
Reply sent
to Bastien Roucariès <rouca@debian.org>:
You have taken responsibility.
(Sat, 29 Jul 2017 23:09:16 GMT) (full text, mbox, link).
Notification sent
to Bastien ROUCARIES <roucaries.bastien@gmail.com>:
Bug acknowledged by developer.
(Sat, 29 Jul 2017 23:09:16 GMT) (full text, mbox, link).
Message #20 received at 870108-close@bugs.debian.org (full text, mbox, reply):
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-15
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 870108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <rouca@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Jul 2017 17:14:38 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-15
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 870047 870065 870067 870105 870106 870107 870108 870109 870111 870115 870116 870117 870118 870119 870120
Changes:
imagemagick (8:6.9.7.4+dfsg-15) unstable; urgency=high
.
* Bug fix: "imagemagick FTBFS: coders/mat.c:1372:3",
thanks to Adrian Bunk and Gianfranco Costamagna
(Closes: #870047).
* Security fixes:
+ CVE-2017-11639
When ImageMagick processes a crafted file in convert,
it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c,
related to the GetPixelLuma function
in MagickCore/pixel-accessor.h.
(Closes: #870065).
+ CVE-2017-11640
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
(Closes: #870067)
+ Validate png file.
Detect corrupted png early and avoid a crash
(Closes: #870105)
+ Heap buffer overflow in ReadOneMNGImage
A crafted file will cause x_off[i] out-of-bound operation vulnerability.
(Closes: #870106)
+ memory exhaustion in ReadOneJNGImage in png.c
When identify JNG file that contains chunk data, imagemagick will
allocate memory to store the chunk data in function ReadOneJNGImage
Due to a lack of valition, memory is not limited for corrupted files.
(Closes: #870107)
+ memory leak in ReadOneJNGImage #550
A crafted file could trigger a memory leak
(Closes: #870108)
+ out-of-bounds read with the MNG CLIP chunk.
(Closes: #870109)
+ coders/png.c: Memory leak Fixed Issue 600
(Closes: #870116)
+ memory leak in ReadOneJNGImage (upstream 602)
Fix a leak triggered by a corrupted file
(Closes: #870115)
+ Stuck in LockSemaphoreInfo after reading a png with width==MAGICK_WIDTH_LIMIT
Some version of libpng need serialization for error recovery of hard lock
Could be triggered by a corrupted file
(Closes: #870111)
+ memory leak in ReadOneMNGImage #619
A memory leak vulnerability was found in function ReadOneMNGImage,
which allow attackers to cause a denial of service (memory leak) via
a crafted file.
(Closes: #870117)
+ memory leak in ReadOneJNGImage #618
Triggered by a corrupted file
(Closes: #870118)
+ bad free in RelinquishMagickMemory
(Closes: #870119)
+ CVE-2017-11539: coders/png.c: Initialized quantum_info to prevent memory leakage
(Closes: #870120)
Checksums-Sha1:
e4470dc13e08044a41ae849db3ca6fb729a1f43e 5137 imagemagick_6.9.7.4+dfsg-15.dsc
8559e418b654908ef3185d39de794abb2fc78265 248828 imagemagick_6.9.7.4+dfsg-15.debian.tar.xz
b2062aa91e3b102960cd268ff286e8f639b1f95e 12823 imagemagick_6.9.7.4+dfsg-15_source.buildinfo
Checksums-Sha256:
8ca618e974bafa89ea30fd2da64c3b0e90b18152342ef96d561e9922a0bd3ead 5137 imagemagick_6.9.7.4+dfsg-15.dsc
a575c3e343a19e6f5e42cd9a9d56a676dfd2d28c7305b884f18fa73e5d1a5139 248828 imagemagick_6.9.7.4+dfsg-15.debian.tar.xz
0f30cc857cef1b311e4776a03a63308d3c38e863b791b411c6204fbf6d98675c 12823 imagemagick_6.9.7.4+dfsg-15_source.buildinfo
Files:
8e27fdd2bbf1babbae525b8ad888ecbd 5137 graphics optional imagemagick_6.9.7.4+dfsg-15.dsc
6f54da3b7e01cef045f5f2158e18ba69 248828 graphics optional imagemagick_6.9.7.4+dfsg-15.debian.tar.xz
a8068f184b323efc24f249e550ec4285 12823 graphics optional imagemagick_6.9.7.4+dfsg-15_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAll9EN4ACgkQADoaLapB
CF8kEA/+LJzRSxbJtd3eYTZ6rF0LvraLAbNHgtmwAye26v+p7fKcLDtAVY0OOLx7
apTM2T67ex6w0JZg1PQTpdSAKkZlJpX4aW5hWe1FTeYnNm+m47YQoB7biBIN9ZoM
D+QGMHctt+UYKHLf/MWYJOozQQH7DZb8k2uQlJkvWDqhNpDHygRb83U6GFF+qwku
/yIeEaaSv0EDz4O3oFcc5cdKI0sMxF8NNIv2W3bvM8P4sWlkjnJaWESjhOwf+bPO
1Lqrda2HjhV79wVdv6pFf2f3fOE+4KRWjc1b8/qy9n8H65aZU1dzSdsUWLdMYbOb
G/lAbXAO59m8n64WC0PfooVRzUKCu+A+YW8nZbXFZB53fvJ5MpWre7jGHG/Lz9ja
S/d7V2oTQKOK/q+fCQiqr7Pl3KMYOUpj0dBAKJ2aRRNo3l7BuSoqLeoIMt4E9EmW
nwUZ/QMemem/jktH9JP88Xn/6/sD/IztmSDpMRG6B/+U+/bSbxY7mb7QMiUb8aam
31uVxFmqLJufjxU/xxDjDJrpJKH3QH8iX4CF1OnoSt9Ceyg8BN/a+rzhw/8I4ko6
IMKDEVUwTy1cmPpDIduS/VX+jJR1BVlRSVRe9Jmb3oFo+dGll9y1z4l6cMkH1H8X
NELGNEwv64n33N1L9BBzPHf/6QYIov9YiM/USO4gSqTwX2hu75k=
=SGwE
-----END PGP SIGNATURE-----
Changed Bug title to 'imagemagick: CVE-2017-12641' from 'memory leak in ReadOneJNGImage #550'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 07 Aug 2017 21:39:06 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 05 Sep 2017 07:26:13 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:56:05 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon