Bug 1016586

Summary: VUL-0: imagemagick: Memory leak in psd file handling
Product: [Novell Products] SUSE Security Incidents Reporter: Mikhail Kasimov <mikhail.kasimov>
Component: IncidentsAssignee: Petr Gajdos <pgajdos>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: astieger, jsegitz, matthias.gerstner, nadvornik, pgajdos
Version: unspecified   
Target Milestone: unspecified   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Mikhail Kasimov 2016-12-20 20:05:46 UTC 
Ref: http://seclists.org/oss-sec/2016/q4/713

========================================================================
Debian bug: https://bugs.debian.org/845239
Reference URL: https://security-tracker.debian.org/845239
Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
Upstream issue: N/A
Upstream version fixed: 6.9.6-3
========================================================================
Comment 1 Swamp Workflow Management 2016-12-20 23:03:07 UTC 
bugbot adjusting priority
Comment 2 Matthias Gerstner 2016-12-22 11:57:36 UTC 
ImageMagick:

[affected] SLE-12:Update in coders/psd.c:1432
[affected] SLE-11:Update in coders/psd.c:1101
[affected] openSUSE:13.2:Update in coders/psd.c:1454

GraphicsMagick:

[unclear] SLE-11:Update in coders/psd.c:1118:
  the code in question is there but commented out. Could be another issue?
[unclear] openSUSE:13.2:Update in coders/psd.c:1122: the same
[unclear] openSUSE:Leap:42.1:Update in coders/psd.c:1149: the same
[unclear] openSUSE:Leap:42.2:Update in coders/psd.c:1149: the same
Comment 3 Johannes Segitz 2016-12-28 10:22:56 UTC 
all ImageMagick issues from one oss posting were opened twice

*** This bug has been marked as a duplicate of bug 1017317 ***