This bug was fixed in the package imagemagick - 8:6.7.7.10-6ubuntu3.13
---------------
imagemagick (8:6.7.7.10-6ubuntu3.13) trusty-security; urgency=medium
[ Steve Beattie ]
* SECURITY UPDATE: code execution vulnerabilities in ghostscript as
invoked by imagemagick
- debian/patches/200-disable-ghostscript-formats.patch: disable
ghostscript handled types by default in policy.xml
* SECURITY UPDATE: information leak in ReadXBMImage
- debian/patches/CVE-2018-16323.patch: don't leave data
uninitialized with negative pixels
- CVE-2018-16323
* SECURITY UPDATE: memory leak of colormap in WriteMPCImage
- debian/patches/CVE-2018-14434.patch: free colormap on bad
color depth
- CVE-2018-14434
* SECURITY UPDATE: memory leak in DecodeImage
- debian/patches/CVE-2018-14435.patch: free memory when given a
bad plane
- CVE-2018-14435
* SECURITY UPDATE: memory leak in ReadMIFFImage
- debian/patches/CVE-2018-14436.patch: free memory when given a bad
depth
- CVE-2018-14436
* SECURITY UPDATE: memory leak in parse8BIM
- debian/patches/CVE-2018-14437-prereq.patch: check for negative
values
- debian/patches/CVE-2018-14437.patch: free strings in error
conditions
- CVE-2018-14437
* SECURITY UPDATE: memory leak in ReadOneJNGImage
- debian/patches/CVE-2018-16640-prereq-1.patch: define DestroyJNG()
- debian/patches/CVE-2018-16640-prereq-2.patch: fix DestroyJNG()
- debian/patches/CVE-2018-16640.patch: free memory on error
- CVE-2018-16640
* SECURITY UPDATE: denial of service due to out-of-bounds write
in InsertRow
- debian/patches/CVE-2018-16642.patch: improve checking for errors
- CVE-2018-16642
* SECURITY UPDATE: denial of service due to missing fputc checks
- debian/patches/CVE-2018-16643.patch: check fputc calls for error
- CVE-2018-16643
* SECURITY UPDATE: denial of service in ReadDCMImage and
ReadPICTImage
- debian/patches/CVE-2018-16644-prereq-1.patch: make
ReadRectangle() a boolean returning function and use it.
- debian/patches/CVE-2018-16644-prereq-2.patch: check for EOF
when reading from file
- debian/patches/CVE-2018-16644-prereq-3.patch: define
ThrowPICTException() macro and use it
- debian/patches/CVE-2018-16644-1.patch,
debian/patches/CVE-2018-16644-2.patch: check for invalid length
- CVE-2018-16644
* SECURITY UPDATE: excessive memory allocation issue in ReadBMPImage
- debian/patches/CVE-2018-16645.patch: ensure number_colors is
not too large
- CVE-2018-16645
* SECURITY UPDATE: denial of service in ReadOneJNGImage
- debian/patches/CVE-2018-16749.patch; check for NULL color_image
- CVE-2018-16749
* SECURITY UPDATE: memory leak in formatIPTCfromBuffer
- debian/patches/CVE-2018-16750.patch: free memory on error
- CVE-2018-16750
[ Marc Deslauriers ]
* SECURITY REGRESSION: segfault in png to gif conversion (LP: #1793485)
- debian/patches/0297-CVE-2017-13144.patch: removed pending further
investigation.
- debian/patches/CVE-2017-12430.patch: refreshed.
-- Steve Beattie <sbeat...@ubuntu.com> Fri, 28 Sep 2018 11:21:01 -0700
** Changed in: imagemagick (Ubuntu Trusty)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12430
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14434
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14435
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14436
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14437
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16323
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16640
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16642
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16643
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16644
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16645
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16749
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16750
** Changed in: imagemagick (Ubuntu Xenial)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1793485
Title:
segfault in png to gif conversion
Status in imagemagick package in Ubuntu:
Fix Released
Status in imagemagick source package in Trusty:
Fix Released
Status in imagemagick source package in Xenial:
Fix Released
Status in imagemagick source package in Bionic:
Fix Released
Bug description:
Regression between 8:6.8.9.9-7ubuntu5.9 and 8:6.8.9.9-7ubuntu5.12.
Test case:
1. Download the attached pngs.
2. Run:
/usr/bin/convert -limit memory 512MiB -limit map 0MiB -limit file 10 -delay
16 -loop 0 -coalesce -deconstruct ./*.png ./output.gif
Expected result:
Process finishes with resulting output.gif.
Actual result:
Process is aborted with SIGSEGV:
Other information:
In my tests looks like it has been introduced in 8:6.8.9.9-7ubuntu5.11 and
does not occur on Bionic.
Stack trace:
#0 EncodeImage (image_info=0x645c40, data_size=<optimized out>,
image=0x636890) at ../../coders/gif.c:676
#1 WriteGIFImage (image_info=0x640700, image=0x636890)
at ../../coders/gif.c:1905
#2 0x00007ffff79a5f0f in WriteImage (image_info=image_info@entry=0x618680,
image=image@entry=0x62cb30) at ../../magick/constitute.c:1184
#3 0x00007ffff79a684f in WriteImages (image_info=image_info@entry=0x60fcd0,
images=<optimized out>, images@entry=0x62cb30, filename=<optimized out>,
exception=exception@entry=0x602ea0) at ../../magick/constitute.c:1335
#4 0x00007ffff763e84e in ConvertImageCommand (image_info=0x60fcd0, argc=19,
argv=0x6143b0, metadata=0x0, exception=0x602ea0)
at ../../wand/convert.c:3215
#5 0x00007ffff76ab527 in MagickCommandGenesis (
image_info=image_info@entry=0x60aab0,
command=0x4007f0 <ConvertImageCommand@plt>, argc=argc@entry=19,
argv=argv@entry=0x7fffffffdc68, metadata=metadata@entry=0x0,
exception=exception@entry=0x602ea0) at ../../wand/mogrify.c:168
#6 0x0000000000400877 in ConvertMain (argv=0x7fffffffdc68, argc=19)
at ../../utilities/convert.c:81
#7 main (argc=19, argv=0x7fffffffdc68) at ../../utilities/convert.c:92
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1793485/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
