Bug 1058220 (CVE-2017-14248) - VUL-0: CVE-2017-14248: ImageMagick: A heap-based buffer over-read in SampleImage() in MagickCore/resize.c could lead to remote denial of service
Status: RESOLVED WORKSFORME
Alias: CVE-2017-14248
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Assignee: Petr Gajdos
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/191720/
Whiteboard: CVSSv2:SUSE:CVE-2017-14248:5.0:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-12 07:05 UTC by Victor Pereira
Modified: 2020-07-26 05:54 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Victor Pereira 2017-09-12 07:05:20 UTC
CVE-2017-14248

A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in
ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via
a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14248
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14248.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14248
https://github.com/ImageMagick/ImageMagick/issues/717
Comment 1 Petr Gajdos 2018-02-27 11:35:17 UTC
BEFORE

12/ImageMagick

$ valgrind -q convert 1-im2pdf out.pdf
convert: IDAT: invalid code -- missing end-of-block `1-im2pdf' @ error/png.c/MagickPNGErrorHandler/1802.
convert: no images defined `out.pdf' @ error/convert.c/ConvertImageCommand/3149.
$

11/ImageMagick

$ valgrind -q convert 1-im2pdf out.png
convert: invalid literal/lengths set `1-im2pdf'.
convert: missing an image filename `out.png'.
$

11/GraphicsMagick

$ valgrind -q gm convert 1-im2pdf out.png
gm convert: invalid literal/lengths set (1-im2pdf).
$

42.3/GraphicsMagick

$ valgrind -q gm convert 1-im2pdf out.pdf
gm convert: IDAT: invalid code -- missing end-of-block (1-im2pdf).
$

=> no issues observed

PATCH

https://github.com/ImageMagick/ImageMagick/commit/c5402b6e0fcf8b694ae2af6a6652ebb8ce0ccf46

The code is not anywhere. Later comments in the upstream bug confirm it.