Bug 983308 (CVE-2016-4564) - VUL-0: CVE-2016-4564: ImageMagick: The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and7.x before 7.0.1-2 mak...
Summary: VUL-0: CVE-2016-4564: ImageMagick: The DrawImage function in MagickCore/draw....
Status: RESOLVED FIXED
Alias: CVE-2016-4564
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Petr Gajdos
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/169794/
Whiteboard: CVSSv2:SUSE:CVE-2016-4564:5.1:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-06 14:53 UTC by Marcus Meissner
Modified: 2016-07-20 10:10 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-06 14:53:22 UTC 
CVE-2016-4564

The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and
7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the
next token, which allows remote attackers to cause a denial of service (buffer
overflow and application crash) or possibly have unspecified other impact via a
crafted file.

also covered in bug 983292 with git commit

https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4564
http://seclists.org/oss-sec/2016/q2/476
http://www.cvedetails.com/cve/CVE-2016-4564/
Comment 1 Swamp Workflow Management 2016-06-06 22:02:59 UTC 
bugbot adjusting priority
Comment 2 Petr Gajdos 2016-06-08 06:33:42 UTC 
No reproducer found:

"The person who requested these CVE IDs from MITRE provided a security
advisory showing three independent problems (also with quite different
attack methodologies) that each happens to have a resultant buffer
overflow. However, they do not plan to make their security advisory
public. The CVE descriptions are based only on the surface-level
code-change information that is public in GitHub. For open-source
software, it is relatively rare for someone to compose a detailed
advisory about multiple CVEs and keep it permanently non-public, but
this can happen. One of the effects of non-public advisories is that
the number of CVEs may seem unrelated to the commit message."
Comment 3 Petr Gajdos 2016-06-23 13:06:54 UTC 
I believe all fixed.
Comment 4 Bernhard Wiedemann 2016-06-23 14:01:23 UTC 
This is an autogenerated message for OBS integration:
This bug (983308) was mentioned in
https://build.opensuse.org/request/show/404239 13.2 / ImageMagick
Comment 8 Bernhard Wiedemann 2016-06-29 14:01:28 UTC 
This is an autogenerated message for OBS integration:
This bug (983308) was mentioned in
https://build.opensuse.org/request/show/405459 13.2 / ImageMagick
Comment 9 Swamp Workflow Management 2016-07-06 19:05:37 UTC 
openSUSE-SU-2016:1748-1: An update that fixes 68 vulnerabilities is now available.

Category: security (important)
Bug References: 983232,983234,983253,983259,983292,983305,983308,983521,983523,983527,983533,983739,983746,983752,983774,983794,983796,983799,983803,984014,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984149,984150,984160,984166,984172,984179,984181,984183,984184,984185,984186,984187,984191,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984404,984406,984408,984409,984427,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9821,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9825,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9832,CVE-2014-9833,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9841,CVE-2014-9842,CVE-2014-9843,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9848,CVE-2014-9849,CVE-2014-9850,CVE-2014-9851,CVE-2014-9852,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8895,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8900,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
openSUSE 13.2 (src):    ImageMagick-6.8.9.8-26.1
Comment 10 Swamp Workflow Management 2016-07-11 14:09:10 UTC 
SUSE-SU-2016:1782-1: An update that fixes 57 vulnerabilities is now available.

Category: security (important)
Bug References: 983234,983253,983259,983292,983305,983308,983521,983523,983533,983739,983746,983752,983774,983794,983796,983799,983803,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984150,984160,984166,984181,984184,984185,984186,984187,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984408,984409,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9842,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9849,CVE-2014-9851,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.45.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.45.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.45.1
Comment 11 Swamp Workflow Management 2016-07-11 14:28:05 UTC 
SUSE-SU-2016:1784-1: An update that fixes 68 vulnerabilities is now available.

Category: security (important)
Bug References: 983232,983234,983253,983259,983292,983305,983308,983521,983523,983527,983533,983739,983746,983752,983774,983794,983796,983799,983803,984014,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984149,984150,984160,984166,984172,984179,984181,984183,984184,984185,984186,984187,984191,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984404,984406,984408,984409,984427,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9821,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9825,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9832,CVE-2014-9833,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9841,CVE-2014-9842,CVE-2014-9843,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9848,CVE-2014-9849,CVE-2014-9850,CVE-2014-9851,CVE-2014-9852,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8895,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8900,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
SUSE Linux Enterprise Server 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    ImageMagick-6.8.8.1-30.2
Comment 12 Swamp Workflow Management 2016-07-20 10:10:17 UTC 
openSUSE-SU-2016:1833-1: An update that fixes 68 vulnerabilities is now available.

Category: security (important)
Bug References: 983232,983234,983253,983259,983292,983305,983308,983521,983523,983527,983533,983739,983746,983752,983774,983794,983796,983799,983803,984014,984018,984023,984028,984032,984035,984135,984137,984142,984144,984145,984149,984150,984160,984166,984172,984179,984181,984183,984184,984185,984186,984187,984191,984193,984370,984372,984373,984374,984375,984379,984394,984398,984400,984401,984404,984406,984408,984409,984427,984433,984436,985442,985448,985451,985456,985460,986608,986609
CVE References: CVE-2014-9805,CVE-2014-9806,CVE-2014-9807,CVE-2014-9808,CVE-2014-9809,CVE-2014-9810,CVE-2014-9811,CVE-2014-9812,CVE-2014-9813,CVE-2014-9814,CVE-2014-9815,CVE-2014-9816,CVE-2014-9817,CVE-2014-9818,CVE-2014-9819,CVE-2014-9820,CVE-2014-9821,CVE-2014-9822,CVE-2014-9823,CVE-2014-9824,CVE-2014-9825,CVE-2014-9826,CVE-2014-9828,CVE-2014-9829,CVE-2014-9830,CVE-2014-9831,CVE-2014-9832,CVE-2014-9833,CVE-2014-9834,CVE-2014-9835,CVE-2014-9836,CVE-2014-9837,CVE-2014-9838,CVE-2014-9839,CVE-2014-9840,CVE-2014-9841,CVE-2014-9842,CVE-2014-9843,CVE-2014-9844,CVE-2014-9845,CVE-2014-9846,CVE-2014-9847,CVE-2014-9848,CVE-2014-9849,CVE-2014-9850,CVE-2014-9851,CVE-2014-9852,CVE-2014-9853,CVE-2014-9854,CVE-2015-8894,CVE-2015-8895,CVE-2015-8896,CVE-2015-8897,CVE-2015-8898,CVE-2015-8900,CVE-2015-8901,CVE-2015-8902,CVE-2015-8903,CVE-2016-4562,CVE-2016-4563,CVE-2016-4564,CVE-2016-5687,CVE-2016-5688,CVE-2016-5689,CVE-2016-5690,CVE-2016-5691,CVE-2016-5841,CVE-2016-5842
Sources used:
openSUSE Leap 42.1 (src):    ImageMagick-6.8.8.1-15.1