Bug 984170 (CVE-2014-9827) - VUL-0: CVE-2014-9827: GraphicsMagick,ImageMagick: handling of corrupted of xpm file
Summary: VUL-0: CVE-2014-9827: GraphicsMagick,ImageMagick: handling of corrupted of xp...
Status: RESOLVED INVALID
Alias: CVE-2014-9827
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Petr Gajdos
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/169742/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-10 13:31 UTC by Marcus Meissner
Modified: 2016-06-15 10:47 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2016-06-10 13:43:43 UTC 
not sure what the fix here is.

just the else branch is just not in use, the rest seems just reindeted
Comment 2 Swamp Workflow Management 2016-06-10 22:02:45 UTC 
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-06-15 10:47:26 UTC 
This seems to fix the logic when (search_start != MagickFalse) condition is true; if I get it correctly from the quick view, in that case the code seem to skip prefixes outlined in targets[NumberTargets], but the main purpose of this function is skipped when the else is there.

Anyway, we are not affected anywhere, because this functionality was added recently and is available only in Tumbleweed's version.