Bug 903216 (CVE-2014-8355) - VUL-0: CVE-2014-8355: ImageMagick: out-of-bounds memory access in PCX parser
Status: RESOLVED FIXED
Alias: CVE-2014-8355
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P5 - None : Minor
Target Milestone: ---
Deadline: 2014-11-27
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/110263/
Whiteboard: maint:released:sle11-sp1:59862 maint...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-30 10:29 UTC by Victor Pereira
Modified: 2014-12-15 10:14 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Victor Pereira 2014-10-30 10:29:45 UTC
CVE-2014-8355

ImageMagick 6.8.9-9 fixes an unspecified bug in the PCX parser code.
It's likely [1] that this is a pretty low-impact issue.


References:
https://bugs.gentoo.org/show_bug.cgi?id=527028#c0
https://bugzilla.redhat.com/show_bug.cgi?id=1158523
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355
Comment 1 Petr Gajdos 2014-10-30 13:04:32 UTC
Fixed for factory.
Comment 5 Petr Gajdos 2014-11-04 09:03:43 UTC
They also seem to fix some memory leaking in the patch; I guess we can adopt it.
Comment 6 Petr Gajdos 2014-11-04 12:12:26 UTC
All packages are submitted I believe.
Comment 9 Swamp Workflow Management 2014-11-12 10:05:07 UTC
openSUSE-SU-2014:1396-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 903204,903216,903638
CVE References: CVE-2014-8354,CVE-2014-8355,CVE-2014-8562
Sources used:
openSUSE 13.2 (src):    ImageMagick-6.8.9.8-4.1
openSUSE 13.1 (src):    ImageMagick-6.8.6.9-2.24.1
openSUSE 12.3 (src):    ImageMagick-6.7.8.8-4.17.1
Comment 10 Swamp Workflow Management 2014-11-13 11:35:02 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-11-27.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59636
Comment 12 Petr Gajdos 2014-11-13 16:03:12 UTC
openSUSE: mr#261433
sle12:    mr#46276
11:       sr#46277
10sp3:    sr#46279
Comment 14 Petr Gajdos 2014-11-14 11:40:57 UTC
.
Comment 16 Swamp Workflow Management 2014-12-08 16:07:29 UTC
SUSE-SU-2014:1595-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 903204,903216,903638,905260
CVE References: CVE-2014-8354,CVE-2014-8355,CVE-2014-8562,CVE-2014-8716
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    ImageMagick-6.8.8.1-8.2
SUSE Linux Enterprise Software Development Kit 12 (src):    ImageMagick-6.8.8.1-8.2
SUSE Linux Enterprise Server 12 (src):    ImageMagick-6.8.8.1-8.2
SUSE Linux Enterprise Desktop 12 (src):    ImageMagick-6.8.8.1-8.2
Comment 17 Swamp Workflow Management 2014-12-13 05:05:05 UTC
SUSE-SU-2014:1631-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 903204,903216,903638,905260
CVE References: CVE-2014-8354,CVE-2014-8355,CVE-2014-8562,CVE-2014-8716
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    ImageMagick-6.4.3.6-7.30.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    ImageMagick-6.4.3.6-7.30.1
SUSE Linux Enterprise Server 11 SP3 (src):    ImageMagick-6.4.3.6-7.30.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    ImageMagick-6.4.3.6-7.30.1
Comment 18 Marcus Meissner 2014-12-15 10:13:24 UTC
released


fwiw, was GraphicsMagick also affected?