Bugzilla – Bug 965574
VUL-1: CVE-2015-8808: GraphicsMagick: Out-of-bound read in the parsing of gif files using 1.3.18
Last modified: 2016-08-01 14:45:02 UTC
Via OSS-sec:

> We found a read out-of-bound in the parsing of gif files using
> GraphicsMagick. This issue was tested in Ubuntu 14.04 (x86_64) using
> GraphicsMagick 1.3.18.
>
> $ ./gm identify overflow.gif
>
> AddressSanitizer: heap-buffer-overflow
> READ of size 1
>
> SUMMARY: AddressSanitizer: heap-buffer-overflow coders/gif.c:276 DecodeImage
>
> This issue is caused by the use of uninitialized memory in DecodeImage and
> fortunately it was fixed here:
>
> http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2
>
> Date: 2015-02-02 0:33:27
>
> coders/gif.c (DecodeImage): Assure that GIF decoder does not use
> uninitialized data.
>
> + (void) memset(prefix,0,MaxStackSize*sizeof(short));
> + (void) memset(suffix,0,MaxStackSize);

Use CVE-2015-8808. The scope of this CVE does not include the "FIXME: Is the logic for this loop (or the loop which inits suffix and prefix arrays) correct? Values are intentionally accessed outside of the explicitly initialized range of 'clear'." observation in the same commit.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8808
http://seclists.org/oss-sec/2016/q1/290
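A simplified model of the GIF decoder's prefix/suffix tables, added here as an example and not GraphicsMagick's DecodeImage: the names MaxStackSize, prefix and suffix and the two memset calls follow the quoted commit, while the 4096-entry size, the struct layout, lzw_table_init/lzw_table_add/lzw_expand and the explicit range check are assumptions. It shows what the memsets buy (a slot the stream never assigned reads as zero rather than stale heap) and the bound check a decoder can layer on top so that such a code is rejected instead of being decoded from zeroed memory.

```c
#include <string.h>
#define MaxStackSize 4096  /* assumed: GIF LZW codes are at most 12 bits wide */

struct lzw_table {                      /* assumed layout, not GraphicsMagick's */
    short prefix[MaxStackSize];         /* code -> code of its prefix string */
    unsigned char suffix[MaxStackSize]; /* code -> last byte of its string */
    int clear;                          /* clear code, 1 << data_size */
    int next_code;                      /* first slot not yet assigned */
};

/* Initialise as the fixed decoder does: zero every slot (the two memsets from
 * the commit), then fill the root codes 0..clear-1.  Without the memsets the
 * slots from clear upward hold whatever the heap held before. */
static void lzw_table_init(struct lzw_table *t, int data_size)
{
    memset(t->prefix, 0, MaxStackSize * sizeof(short));
    memset(t->suffix, 0, MaxStackSize);
    t->clear = 1 << data_size;
    t->next_code = t->clear + 2;        /* skip clear and end-of-information */
    for (int i = 0; i < t->clear; i++)
        t->suffix[i] = (unsigned char)i; /* root codes emit themselves */
}

/* Assign the next free slot to <string of code p> + byte s; -1 if full. */
static int lzw_table_add(struct lzw_table *t, int p, unsigned char s)
{
    if (t->next_code >= MaxStackSize) return -1;
    t->prefix[t->next_code] = (short)p;
    t->suffix[t->next_code] = s;
    return t->next_code++;
}

/* Expand a code by walking its prefix chain, writing bytes to out in reverse
 * (last byte first).  Returns the byte count, or -1 for a code the stream never
 * assigned or a control code; the range check reports corruption explicitly. */
static int lzw_expand(const struct lzw_table *t, int code,
                      unsigned char *out, int out_len)
{
    int n = 0;
    while (n < out_len) {
        if (code < 0 || code >= t->next_code ||
            code == t->clear || code == t->clear + 1)
            return -1;                  /* unassigned or control code */
        out[n++] = t->suffix[code];
        if (code < t->clear) return n;  /* root code ends the chain */
        code = t->prefix[code];
    }
    return -1;                          /* chain longer than out buffer */
}
```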
Very little impact (read off by one), so setting VUL-1 as pending issue.
bugbot adjusting priority
Package submitted.
SUSE-SU-2016:1614-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 851064,965574,982178
CVE References: CVE-2013-4589,CVE-2015-8808,CVE-2016-5118
Sources used:
SUSE Studio Onsite 1.3 (src): GraphicsMagick-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): GraphicsMagick-1.2.5-4.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): GraphicsMagick-1.2.5-4.38.1
released