1000704 – (CVE-2016-7531) VUL-0: CVE-2016-7531: ImageMagick: Pbd file out of bound access

Bug 1000704 (CVE-2016-7531) - VUL-0: CVE-2016-7531: ImageMagick: Pbd file out of bound access

Summary: VUL-0: CVE-2016-7531: ImageMagick: Pbd file out of bound access

Status:	RESOLVED FIXED

Alias:	CVE-2016-7531

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:RedHat:CVE-2016-7531:4.3:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-09-23 10:57 UTC by Johannes Segitz
Modified:	2017-08-30 09:50 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-09-23 10:57:02 UTC

AddressSanitizer: heap-buffer-overflow WRITE of size 28 WRITE of size 1

References:
https://bugs.debian.org/832633
https://bugs.launchpad.net/bugs/1539061
https://bugs.launchpad.net/bugs/1542112
https://github.com/ImageMagick/ImageMagick/issues/107

Comment 1 Swamp Workflow Management 2016-09-23 22:03:09 UTC

bugbot adjusting priority

Comment 2 Petr Gajdos 2016-10-07 08:55:42 UTC

Could not manifest crash nor valgrind errors via three testcases from the two Ubuntu bugs.

Following two commits bind to this CVE:
https://github.com/ImageMagick/ImageMagick/commit/551fd13c2e1733b0c24985da812fb8a62537807a
https://github.com/ImageMagick/ImageMagick/commit/96a1370b8feed2240933fbef59731702521006a0

Code is in all versions of ImageMagick and GraphicsMagick, considering affected.

Comment 3 Petr Gajdos 2016-10-13 13:40:07 UTC

I believe all fixed.

Comment 4 Bernhard Wiedemann 2016-10-13 14:02:23 UTC

This is an autogenerated message for OBS integration:
This bug (1000704) was mentioned in
https://build.opensuse.org/request/show/434747 42.1 / GraphicsMagick

Comment 5 Swamp Workflow Management 2016-10-26 12:08:48 UTC

openSUSE-SU-2016:2641-1: An update that fixes 28 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1000399,1000434,1000436,1000689,1000690,1000691,1000692,1000693,1000695,1000698,1000700,1000702,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,985442,999673
CVE References: CVE-2015-8957,CVE-2015-8958,CVE-2016-5688,CVE-2016-6823,CVE-2016-7101,CVE-2016-7446,CVE-2016-7447,CVE-2016-7448,CVE-2016-7449,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7519,CVE-2016-7522,CVE-2016-7524,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE 13.2 (src):    GraphicsMagick-1.3.20-12.1

Comment 6 Swamp Workflow Management 2016-10-26 12:17:41 UTC

openSUSE-SU-2016:2644-1: An update that fixes 23 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1000399,1000434,1000689,1000693,1000695,1000698,1000700,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,999673
CVE References: CVE-2016-5688,CVE-2016-6823,CVE-2016-7101,CVE-2016-7446,CVE-2016-7447,CVE-2016-7448,CVE-2016-7449,CVE-2016-7515,CVE-2016-7517,CVE-2016-7519,CVE-2016-7522,CVE-2016-7524,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE Leap 42.1 (src):    GraphicsMagick-1.3.21-14.1

Comment 7 Swamp Workflow Management 2016-10-28 16:10:31 UTC

SUSE-SU-2016:2667-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000702,1000703,1000704,1000706,1000707,1000708,1000709,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Server 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ImageMagick-6.8.8.1-40.1

Comment 8 Swamp Workflow Management 2016-10-28 19:09:28 UTC

openSUSE-SU-2016:2671-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000703,1000704,1000706,1000707,1000708,1000709,1000710,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7536,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE 13.2 (src):    ImageMagick-6.8.9.8-34.1

Comment 9 Swamp Workflow Management 2016-11-04 14:09:17 UTC

SUSE-SU-2016:2724-1: An update that fixes 26 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1000399,1000434,1000436,1000689,1000690,1000691,1000692,1000693,1000695,1000698,1000700,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,999673
CVE References: CVE-2015-8957,CVE-2015-8958,CVE-2016-6823,CVE-2016-7101,CVE-2016-7446,CVE-2016-7447,CVE-2016-7448,CVE-2016-7449,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7519,CVE-2016-7522,CVE-2016-7524,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.46.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.46.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.46.1

Comment 10 Swamp Workflow Management 2016-11-10 16:16:50 UTC

openSUSE-SU-2016:2770-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000702,1000703,1000704,1000706,1000707,1000708,1000709,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE Leap 42.1 (src):    ImageMagick-6.8.8.1-21.1

Comment 11 Swamp Workflow Management 2016-12-01 17:10:46 UTC

SUSE-SU-2016:2964-1: An update that fixes 34 vulnerabilities is now available.

Category: security (important)
Bug References: 1000399,1000434,1000436,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000698,1000699,1000700,1000701,1000703,1000704,1000707,1000709,1000711,1000713,1000714,1001066,1001221,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1007245
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-5687,CVE-2016-6823,CVE-2016-7101,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7533,CVE-2016-7535,CVE-2016-7537,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684,CVE-2016-8862
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1

Comment 12 Swamp Workflow Management 2016-12-08 17:10:12 UTC

openSUSE-SU-2016:3060-1: An update that fixes 31 vulnerabilities is now available.

Category: security (important)
Bug References: 1000399,1000434,1000689,1000698,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,1007245,1011130,982178,983521,983752,983794,983799,984145,984150,984166,984372,984375,984394,984400,984436
CVE References: CVE-2014-9805,CVE-2014-9807,CVE-2014-9809,CVE-2014-9815,CVE-2014-9817,CVE-2014-9820,CVE-2014-9831,CVE-2014-9834,CVE-2014-9835,CVE-2014-9837,CVE-2014-9845,CVE-2014-9846,CVE-2014-9853,CVE-2016-5118,CVE-2016-6823,CVE-2016-7101,CVE-2016-7515,CVE-2016-7522,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684,CVE-2016-8862,CVE-2016-9556
Sources used:
openSUSE Leap 42.2 (src):    GraphicsMagick-1.3.25-3.1

Comment 13 Marcus Meissner 2016-12-22 12:21:56 UTC

rekeased

Comment 14 Petr Gajdos 2017-08-29 08:02:25 UTC

GraphicsMagick allocates less memory, I have asked upstream to consider this.

Comment 15 Petr Gajdos 2017-08-30 09:50:38 UTC

Upstream does not think current code is affected.