Author: carnil
Date: 2016-09-18 17:26:09 +0000 (Sun, 18 Sep 2016)
New Revision: 44723

Modified:
   data/CVE/list
Log:
Add CVE-2016-7449/graphicsmagick, add extensive note about the scope

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-18 17:23:29 UTC (rev 44722)
+++ data/CVE/list       2016-09-18 17:26:09 UTC (rev 44723)
@@ -2172,8 +2172,17 @@
        RESERVED
 CVE-2016-7450
        RESERVED
-CVE-2016-7449
+CVE-2016-7449 [all TIFF related problems due to use of strlcpy use]
        RESERVED
+       - graphicsmagick 1.3.25-1
+       NOTE: The scope of the CVE is for all of these reported TIFF problems.
+       NOTE: The ultimate vulnerability was use of:
+       NOTE: strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
+       NOTE: three times in coders/tiff.c, where strlcpy is not an appropriate
+       NOTE: function choice for this type of scenario of untrusted-data 
copying.
+       NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5
+       NOTE: 
https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/
+       NOTE: 
https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/
 CVE-2016-7448 [Utah RLE: Reject truncated/absurd files which caused huge 
memory allocations and/or consumed huge CPU]
        RESERVED
        - graphicsmagick 1.3.25-1
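
Review bot: the bracketed description on the added CVE-2016-7449 line reads "use of strlcpy use", with "use" duplicated; suggest "[all TIFF related problems due to use of strlcpy]". The NOTE block says strlcpy "is not an appropriate function choice" for untrusted-data copying but gives no reason, so a reader has to open the linked changeset to learn what goes wrong with the quoted call; one more NOTE line stating the reason would make the scope statement self-contained. If the two bare "NOTE:" lines before the blog URLs exist in data/CVE/list itself and are not just mail wrapping, join each URL onto its NOTE line.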


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits