Bug 1073687 (CVE-2017-17783) - VUL-0: CVE-2017-17783: GraphicsMagick: Buffer over-read in ReadPALMImage incoders/palm.c when QuantumDepth is 8
Summary: VUL-0: CVE-2017-17783: GraphicsMagick: Buffer over-read in ReadPALMImage inco...
Status: RESOLVED WORKSFORME
Alias: CVE-2017-17783
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 42.3
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/196898/
Whiteboard: CVSSv3:RedHat:CVE-2017-17783:4.4:(AV...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-20 13:27 UTC by Johannes Segitz
Modified: 2018-02-02 09:29 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-12-20 13:27:13 UTC 
CVE-2017-17783

In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in
coders/palm.c when QuantumDepth is 8.

Fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17783
https://sourceforge.net/p/graphicsmagick/bugs/529/
Comment 1 Petr Gajdos 2018-01-31 11:22:55 UTC 
We use following quantum depths:
12/ImageMagick:      16 (explicitly)
11/ImageMagick:      16 (by using default)
11/GraphicsMagick:   8  (explicitly)
42.3/GraphicsMagick: 16 (explicitly)

So only 11/GraphicsMagick is suspected to be affected.
Comment 2 Petr Gajdos 2018-01-31 11:29:27 UTC 
(And it will not to be changed in 16 -> 8 way in future for released products, as that could cause regressions.)
Comment 3 Petr Gajdos 2018-01-31 15:12:35 UTC 
Will submit for: 12/ImageMagick and 11/ImageMagick
Comment 4 Petr Gajdos 2018-01-31 15:19:34 UTC 
(In reply to Petr Gajdos from comment #3)
> Will submit for: 12/ImageMagick and 11/ImageMagick

Bad window.
Comment 5 Petr Gajdos 2018-01-31 15:23:54 UTC 
Via testcase:

12/ImageMagick

$ valgrind -q mogrify 3RdlNUpKUwgTWSwLU6D4juiH11gePOhJ.palm
$

11/ImageMagick

$ valgrind -q mogrify 3RdlNUpKUwgTWSwLU6D4juiH11gePOhJ.palm
$

11/GraphicsMagick

$ valgrind -q gm mogrify 3RdlNUpKUwgTWSwLU6D4juiH11gePOhJ.palm
gm mogrify: Memory allocation failed (3RdlNUpKUwgTWSwLU6D4juiH11gePOhJ.palm).
$

42.3/GraphicsMagick

$ valgrind -q gm mogrify 3RdlNUpKUwgTWSwLU6D4juiH11gePOhJ.palm
Depth 1
Depth 2
Depth 4
Depth 8
$

HG/GraphicsMagick: does not write PALM
Comment 6 Petr Gajdos 2018-01-31 15:30:06 UTC 
11/GraphicsMagick does not have the code.

According to comment 1, we are not affected.