Your message dated Fri, 14 Jul 2017 13:55:16 +0000
with message-id <e1dw13s-000dk0...@fasolo.debian.org>
and subject line Bug#867778: fixed in imagemagick 8:6.9.7.4+dfsg-12
has caused the Debian Bug report #867778,
regarding imagemagick: CVE-2017-9500: assertion failed in
ResetImageProfileIterator
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
867778: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.8.9.9-5
Severity: important
Tags: patch security upstream fixed-upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/500
Hi,
the following vulnerability was published for imagemagick.
CVE-2017-9500[0]:
| In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the
| function ResetImageProfileIterator, which allows attackers to cause a
| denial of service via a crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9500
[1] https://github.com/ImageMagick/ImageMagick/issues/500
[2]
https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-12
We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated imagemagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Jul 2017 15:35:15 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
imagemagick
Architecture: source
Version: 8:6.9.7.4+dfsg-12
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team
<pkg-gmagick-im-t...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Description:
imagemagick - image manipulation programs -- binaries
imagemagick-6-common - image manipulation programs -- infrastructure
imagemagick-6-doc - document files of ImageMagick
imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
imagemagick-common - image manipulation programs -- infrastructure dummy
package
imagemagick-doc - document files of ImageMagick -- dummy package
libimage-magick-perl - Perl interface to the ImageMagick graphics routines
libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines
-- Q16 versio
libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics
routines -- Q16HDRI ve
libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header
files
libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files
(Q16HDRI)
libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
libmagickcore-6-arch-config - low-level image manipulation library -
architecture header files
libmagickcore-6-headers - low-level image manipulation library - header files
libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth
Q16
libmagickcore-6.q16-3-extra - low-level image manipulation library - extra
codecs (Q16)
libmagickcore-6.q16-dev - low-level image manipulation library - development
files (Q16)
libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum
depth Q16HDRI
libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra
codecs (Q16HDRI)
libmagickcore-6.q16hdri-dev - low-level image manipulation library -
development files (Q16HDRI
libmagickcore-dev - low-level image manipulation library -- dummy package
libmagickwand-6-headers - image manipulation library - headers files
libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
libmagickwand-6.q16hdri-dev - image manipulation library - development files
(Q16HDRI)
libmagickwand-dev - image manipulation library -- dummy package
perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 863126 864273 864274 867367 867721 867778 867798 867806 867808 867810
867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897
868184 868264
Changes:
imagemagick (8:6.9.7.4+dfsg-12) unstable; urgency=medium
.
* Fix security bugs:
+ Previous CVE-2017-9144 fix was incomplete.
A crafted RLE image can trigger a crash because of incorrect
EOF handling in coders/rle.c
(Closes: #863126)
+ CVE-2017-10928:
A heap-based buffer over-read in the GetNextToken
function in token.c allows remote attackers to obtain
sensitive information from process memory or possibly have
unspecified other impact via a crafted SVG document
that is mishandled in the GetUserSpaceCoordinateValue
function in coders/svg.c.
(Closes: #867367).
+ CVE-2017-9500:
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause
a denial of service via a crafted file.
(Closes: #867778).
+ CVE-2017-9501:
An assertion failure was found in the function LockSemaphoreInfo,
which allows attackers to cause a denial of service via a crafted
file.
(Closes: #867721).
+ CVE-2017-9440:
A memory leak was found in the function ReadPSDChannel
in coders/psd.c, which allows attackers to cause a denial
of service via a crafted file.
(Closes: 864273).
+ CVE-2017-9439:
A memory leak was found in the function ReadPDBImage in
coders/pdb.c, which allows attackers to cause a denial of
service via a crafted file.
(Closes: #864274).
+ CVE-2017-11188: CPU exhaustion in ReadDPXImage
Because dpx.file.image_offset is a unsigned int, it can be controlled
as large as 4294967295.
This will cause ImageMagick spend a lot of time to process a crafted
DPX imagefile, even if the imagefile is very small.
(Closes: #867806)
+ CVE-2017-11141: memory exhaustion in ReadMATImage
When identify MAT file, imagemagick will allocate memory to store data
in function ReadMATImage.
Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
a anysize amount of memory, this may cause a memory exhaustion
(Closes: #868264)
+ CVE-2017-11170: memory exhaustion in ReadTGAImage
When identify VST file, imagemagick will allocate memory to store
data in function ReadTGAImage in coders/tga.c
using tga_info.bits_per_pixel field diretly from VST file without
checking in tga.c
By review the founction code, tga_info.bits_per_pixel max valid
value is 32.
On 32bit os, size_t one will be 32bit, so image->colors can be
overflow to 0.
On 64bit os, size_t one will be 64bit, so image->colors
can be large as 0x100000000(64GB).
(Closes: #868184)
+ Memory exhaustion in ReadCINImage
When identify CIN file that contains User defined data,
imagemagick will allocate memory to store the
data in function ReadCINImage in coders\inc.c
There is a security checking in the function SetImageExtent,
but it after memory allocation, so IM can not control the memory usage
(Closes: #867810)
+ CPU exhaustion in ReadRLEImage
A corrupted rle file could trigger a DOS
(Closes: #867808)
+ Memory leak in ReadDIBImage in dib.c
The ReadDIBImage function in dib.c allows attackers
to cause a denial of service (memory leak)
via a small crafted dib file.
(Closes: #867811)
+ Memory exhaustion in ReadDPXImage in dpx.c
When identify DPX file that contains user header data,
imagemagick will allocate memory to store the data in function
ReadDPXImage in coders\dpx.c
There is a security checking in the function SetImageExtent,
but it is too late, so IM can not control the memory usage.
(Closes: #867812)
+ Enable heap overflow check for stdin for mpc files
Enabling seekable streams is required to ensure checking
the blob size works when an image is streamed on stdin.
(Closes: #867896)
+ Assertion failure in WriteBlob
A crafted file revealed an assertion failure in blob.c.
(Closes: #867798)
+ Memory exhaustion in ReadEPTImage in ept.c
When identify EPT file , imagemagick will allocate memory
to store the data.
There is a security checking in the function SetImageExtent,
but it is not used in the allocation function,
so IM can not control the memory usage.
(Closes: #867821)
+ CPU exhaustion in ReadOneJNGImage
Due to lack of validation of PNG format, imagemagick could loop
2^32 in a CPU intensive loop.
(Closes: #867824, #867825).
+ CPU exhaustion in ReadOneDJVUImag
Due to lack of format validation, a crafted file will cause a
loop to run endless.
(Closes: #867826).
+ Zero pixel buffer
Avoid a data leak in case of incorrect file by clearing a buffer
(Closes: #867893).
+ memory leak in ReadMATImage in mat.c
The ReadMATImage function in mat.c allows attackers to cause a
denial of service (memory leak) via a small crafted mat file.
(Closes: #867823).
+ Avoid heap based overflow for jpeg
A corrupted jpeg file could trigger an heap overflow
(Closes: #867894).
+ Fix a memory leak in screenshot coder
(Closes: #867897)
Checksums-Sha1:
3d90914c6d86d4b36fbc80400725b25384f8735c 5137 imagemagick_6.9.7.4+dfsg-12.dsc
893fa5b030147239ca39394dc7a335dc7aa4934e 230416
imagemagick_6.9.7.4+dfsg-12.debian.tar.xz
a59faecc6842d8fc0b26d6e9c3280dd73be53207 12956
imagemagick_6.9.7.4+dfsg-12_source.buildinfo
Checksums-Sha256:
f445c59ca48e8869b7676ed7336295c780478acfef00161a652f5a228a34cec3 5137
imagemagick_6.9.7.4+dfsg-12.dsc
8b91345baf34eeeadc6ea8e744a4d0f57ebf976c386833b55411b5faa862aa65 230416
imagemagick_6.9.7.4+dfsg-12.debian.tar.xz
856cd6486e65aa3170819b0430e65fcaeb59a8474f857ef4ee71295852ba18c8 12956
imagemagick_6.9.7.4+dfsg-12_source.buildinfo
Files:
a6227a37d15c2b19bf999fe91d4b373b 5137 graphics optional
imagemagick_6.9.7.4+dfsg-12.dsc
20c4df2b2199408aee6abea9baacaed4 230416 graphics optional
imagemagick_6.9.7.4+dfsg-12.debian.tar.xz
e005c9489d784877411aef2032dd4b55 12956 graphics optional
imagemagick_6.9.7.4+dfsg-12_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlloyNcACgkQADoaLapB
CF92VA/6AsGc6Ezo71sxhMxClnTl6tentb3Zv+KAujRiNyOe8qwrdppL40mAYvaV
NImBUxk26Fbypbvs9UxzBEb52BP5ZcOS7t/e/De5SPYdMlDpdzOFFs5ygvVU9MmZ
eDAz3lRfnEAIVtLwrhYbxzfhsRNkXqrsmmSKge90Zc28VSO1vibE3Tu1VCYQJPzx
gEe2K5ghTrbG/DRF6L96u+bilajP76GUQFbbTEjtd8XLczmrAMZgpWEXiG5ZqQBh
OhvgjATw5WbiSbenErnxciCxu82wAOetsLtGwzwfrfDcOwqzfI6J5Oss6C1pf9uB
YNbrP6EwmUzjm23qDunnyZdOUZngNs7JOJvN9MhK3udBOU0tqvEsq+qAtv89wnTi
X7mWlHl5DAStNYFUIGgRnezJ+4IzXJHh5qsRC2WD3C8ebizvuRWUMy1RbT+07QaD
5D4lFuu3XQldfpmb/N3cGGPsD6WiwrigQeEdjA7XmDJbSmj2pACuuu+JJWq33dHU
3vLwND2qHBEBW9yaeQZf3zYYV22XzWxfu3s/a3PZZ/j88mHDrAWhCS3PEIvzi2g5
D0z/dJwt0/oykRPJAMln80eBqKnBdbeYKcwpE8IUM/pq/dg3y21diJj/fAaNbv36
FNmW9mELe3ZVTEBqkDITD054q1fJYKuCT8uBIZ0ElnP8o8hRZk4=
=m2Hc
-----END PGP SIGNATURE-----
--- End Message ---