Author: carnil Date: 2016-09-18 17:26:09 +0000 (Sun, 18 Sep 2016) New Revision: 44723
Modified: data/CVE/list Log: Add CVE-2016-7449/graphicsmagick, add extensive note about the scope Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-18 17:23:29 UTC (rev 44722) +++ data/CVE/list 2016-09-18 17:26:09 UTC (rev 44723) @@ -2172,8 +2172,17 @@ RESERVED CVE-2016-7450 RESERVED -CVE-2016-7449 +CVE-2016-7449 [all TIFF related problems due to use of strlcpy use] RESERVED + - graphicsmagick 1.3.25-1 + NOTE: The scope of the CVE is for all of these reported TIFF problems. + NOTE: The ultimate vulnerability was use of: + NOTE: strlcpy(attribute,text,Min(sizeof(attribute),(count+1))); + NOTE: three times in coders/tiff.c, where strlcpy is not an appropriate + NOTE: function choice for this type of scenario of untrusted-data copying. + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5 + NOTE: https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/ + NOTE: https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/ CVE-2016-7448 [Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU] RESERVED - graphicsmagick 1.3.25-1
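Review bot: The bracketed description on the added CVE-2016-7449 line reads "due to use of strlcpy use", with "use" doubled; "[all TIFF related problems due to use of strlcpy]" says the same thing. In the first NOTE, "all of these reported TIFF problems" has nothing to refer back to until the two blogs.gentoo.org links at the end of the entry, so consider wording it as "the TIFF problems in the reports linked below", which lets a reader of the tracker tell which reports the fixed version 1.3.25-1 is meant to cover.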