Message-Id: <20160922051720.E6D8C6C09A8@smtpvmsrv1.mitre.org>
Date: Thu, 22 Sep 2016 01:17:20 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, roucaries.bastien@...il.com, team@...urity.debian.org, luciano@...ian.org
Subject: Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Date: Sun, 7 Aug 2016 17:12:15 +0200

> off-by-one error leading to segfault:
> Debian Bug: https://bugs.debian.org/832455
> Additional references:
> ----------------------
> https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723

Use CVE-2016-7513.


> out-of-bounds read in coders/psd.c:
> Debian Bug: https://bugs.debian.org/832457
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1533442
> https://github.com/ImageMagick/ImageMagick/issues/83
> https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f
> https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
> https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
> https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
> AddressSanitizer: heap-buffer-overflow
> READ of size 1

Use CVE-2016-7514.


> rle file handling for corrupted file:
> Debian Bug: https://bugs.debian.org/832461
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1533445
> https://github.com/ImageMagick/ImageMagick/issues/82
> https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
> AddressSanitizer: heap-buffer-overflow
> READ of size 1

Use CVE-2016-7515.
> buffer overflow in sun file handling:
> Debian Bug: https://bugs.debian.org/832464
> Additional references:
> ----------------------
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
> https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
> https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
> https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4

Use CVE-2015-8957.


> potential DOS in sun file handling due to malformed files:
> Debian Bug: https://bugs.debian.org/832465
> Additional references:
> ----------------------
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
> https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
> https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
> https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
> https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105

Use CVE-2015-8958.


> out of bounds problem in rle, pict, viff and sun files:
> Debian Bug: https://bugs.debian.org/832467

> https://bugs.launchpad.net/bugs/1533452
> https://github.com/ImageMagick/ImageMagick/issues/77
> AddressSanitizer: heap-buffer-overflow
> READ of size 4
> viff.c

Use CVE-2016-7516.


> https://bugs.launchpad.net/bugs/1533449
> https://github.com/ImageMagick/ImageMagick/issues/80
> AddressSanitizer: heap-buffer-overflow
> READ of size 1
> pict.c

Use CVE-2016-7517.


> https://bugs.launchpad.net/bugs/1533447
> https://github.com/ImageMagick/ImageMagick/issues/81
> AddressSanitizer: heap-buffer-overflow
> READ of size 1
> sun.c

Use CVE-2016-7518.


> https://bugs.launchpad.net/bugs/1533445
> https://github.com/ImageMagick/ImageMagick/issues/82
> AddressSanitizer: heap-buffer-overflow
> READ of size 1
> rle.c

Use CVE-2016-7519.
> heap overflow in hdr file handling:
> Debian Bug: https://bugs.debian.org/832469
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1537213
> https://github.com/ImageMagick/ImageMagick/issues/90
> https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
> AddressSanitizer: heap-buffer-overflow
> READ of size 1

Use CVE-2016-7520.


> heap buffer overflow in psd file handling:
> Debian Bug: https://bugs.debian.org/832474
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1537418
> https://github.com/ImageMagick/ImageMagick/issues/92
> https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
> AddressSanitizer: heap-buffer-overflow
> READ of size 1

Use CVE-2016-7521.


> out of bound access for malformed psd file:
> Debian Bug: https://bugs.debian.org/832475
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1537419
> https://github.com/ImageMagick/ImageMagick/issues/93
> https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
> AddressSanitizer: heap-buffer-overflow
> READ of size 2

Use CVE-2016-7522.


> meta file out of bound access:
> Debian Bug: https://bugs.debian.org/832478
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1537420
> https://github.com/ImageMagick/ImageMagick/issues/96
> https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6
> https://github.com/ImageMagick/ImageMagick/commit/5a34d7ac889bd6645f6cfd164636e3efb56dbb2f

We are not sure that we understand this set of references. bugs/1537420
does not link to issues/96. We will assign separate CVE IDs for these
pairs of references:

> https://bugs.launchpad.net/bugs/1537420
> https://github.com/ImageMagick/ImageMagick/issues/94
> AddressSanitizer: heap-buffer-overflow
> READ of size 1
> meta.c:496

Use CVE-2016-7523.
> https://bugs.launchpad.net/bugs/1537422
> https://github.com/ImageMagick/ImageMagick/issues/96
> AddressSanitizer: heap-buffer-overflow
> READ of size 1
> meta.c:465

Use CVE-2016-7524.


> heap buffer overflow in psd file coder:
> Debian Bug: https://bugs.debian.org/832480
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1537424
> https://github.com/ImageMagick/ImageMagick/issues/98
> https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
> AddressSanitizer: heap-buffer-overflow
> READ of size 1

Use CVE-2016-7525.


> out of bound access in wpg file coder:
> Debian Bug: https://bugs.debian.org/832482
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1539050
> https://bugs.launchpad.net/bugs/1542115
> https://github.com/ImageMagick/ImageMagick/issues/102
> https://github.com/ImageMagick/ImageMagick/issues/122
> https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
> https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
> https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41

We will assign separate CVE IDs for these subsets of the references:

> https://bugs.launchpad.net/bugs/1539050
> https://github.com/ImageMagick/ImageMagick/issues/102
> https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
> https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 2

Use CVE-2016-7526.


> https://bugs.launchpad.net/bugs/1542115
> https://github.com/ImageMagick/ImageMagick/issues/122
> https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
> AddressSanitizer: global-buffer-overflow
> READ of size 4096

Use CVE-2016-7527.
> out of bound access for viff file coder:
> Debian Bug: https://bugs.debian.org/832483
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1537425
> https://github.com/ImageMagick/ImageMagick/issues/99
> https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
> AddressSanitizer: SEGV on unknown address

Use CVE-2016-7528.


> out of bound access in xcf file coder:
> Debian Bug: https://bugs.debian.org/832504
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1539051
> https://bugs.launchpad.net/bugs/1539052
> https://github.com/ImageMagick/ImageMagick/issues/104
> https://github.com/ImageMagick/ImageMagick/issues/103
> https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
> AddressSanitizer: heap-buffer-overflow
> READ of size 1

Use CVE-2016-7529.


> out of bound in quantum handling:
> Debian Bug: https://bugs.debian.org/832506
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1539067
> https://bugs.launchpad.net/bugs/1539053
> https://github.com/ImageMagick/ImageMagick/issues/105
> https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
> https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
> https://github.com/ImageMagick/ImageMagick/issues/110
> https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 1

Use CVE-2016-7530.


> pbd file out of bound access:
> Debian Bug: https://bugs.debian.org/832633
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1539061
> https://bugs.launchpad.net/bugs/1542112
> https://github.com/ImageMagick/ImageMagick/issues/107
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 28
> WRITE of size 1

Use CVE-2016-7531.
> Fix handling of corrupted psd file:
> Debian Bug: https://bugs.debian.org/832776
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1539066
> https://github.com/ImageMagick/ImageMagick/issues/109
> AddressSanitizer: heap-buffer-overflow
> READ of size 5632

Use CVE-2016-7532.


> wpg file out of bound for corrupted file:
> Debian Bug: https://bugs.debian.org/832780
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1542114
> https://github.com/ImageMagick/ImageMagick/issues/120
> https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
> AddressSanitizer: heap-buffer-overflow
> READ of size 1

Use CVE-2016-7533.


> out of bound access in generic decoder:
> Debian Bug: https://bugs.debian.org/832785
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1542785
> https://github.com/ImageMagick/ImageMagick/issues/126
> https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 2

Use CVE-2016-7534.


> out of bound access for corrupted psd file:
> Debian Bug: https://bugs.debian.org/832787
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1545180
> https://github.com/ImageMagick/ImageMagick/issues/128
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 1

Use CVE-2016-7535.


> SEGV reported in corrupted profile handling:
> Debian Bug: https://bugs.debian.org/832789
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1545367
> https://github.com/ImageMagick/ImageMagick/issues/130
> https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
> AddressSanitizer: SEGV on unknown address

Use CVE-2016-7536.
> out of bound access for corrupted pdb file:
> Debian Bug: https://bugs.debian.org/832791
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1553366
> https://github.com/ImageMagick/ImageMagick/issues/143
> https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
> AddressSanitizer: heap-buffer-overflow
> READ of size 128

Use CVE-2016-7537.


> SIGABRT for corrupted pdb file:
> Debian Bug: https://bugs.debian.org/832793
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1556273
> https://github.com/ImageMagick/ImageMagick/issues/148
> https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 65700

Use CVE-2016-7538.


> DOS due to corrupted DDS files:
> Debian Bug: https://bugs.debian.org/832944
> Additional references:
> ----------------------
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
> https://github.com/ImageMagick/ImageMagick/commit/93ab016764c7f787829d9065440d86f5609765110

This has a stray '9' character. It is supposed to be:

https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110

> https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4

Use CVE-2015-8959 for this entire coders/dds.c report from 2015.


> DOS due to corrupted DDS files:
> Debian Bug: https://bugs.debian.org/832942
> Additional references:
> ----------------------
> https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
> https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
> https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2

Use CVE-2014-9907 for this entire coders/dds.c report from 2014.
> potential DOS by not releasing memory:
> Debian Bug: https://bugs.debian.org/833101
> Additional references:
> ----------------------
> Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946

Use CVE-2016-7539.


> writing to rgf format aborts:
> Debian Bug: https://bugs.debian.org/827643
> Additional references:
> ----------------------
> https://bugs.launchpad.net/bugs/1594060
> https://github.com/ImageMagick/ImageMagick/pull/223

Use CVE-2016-7540.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX42gvAAoJEHb/MwWLVhi2ItEP/0xGPlLZNqqWzGSq/xBspzMX
bwnMiwZrZXwKktNqOzhi4AhwLFPJzF74nVFf/DX1p5ZkmwfIlIdzFfYfPAlMDPH1
A/NLVnuDGmPOGblStiv92LbIBYXk8Rib1ise+37ekwsG6qa0RIk8VfSS+PTXUa62
4bec1cH+mWKaC5o27jOcWqaGoV2anFicXKiwQfj93HYtiauXN00dzWOtkGK/Av/q
NlAe5pABEu8vVgIaXC7ZsHpAMNxlZSU015KffjgdAaXh/NK7g5Pkg9Zj0bo/A72q
5JHYCU7QMJBgnc6QDXC6vM+9DMOmWSzbaYH/5MFF1y897HqaIHhBef1yeg/kRtkX
ojzMsVzMls8jdFnRH+05lp63YfL9WKGsXe9o0rQcEX+wWg5rePaJNDLhVc04iSG0
26MjVd/Dd+uhDSLBZpf31tDCjO6rBMO17kl606OUI2isxmUUPogB4iT1tNeM5QtW
FqHaH+/i+DArcNI5yWIRf2OmFSfWKjkzJ7IRWvXpCJ1Kbwc8WbJgRqF0r6zVuAq5
gJjgtQUdjoQMhpsPDQkOKjxsCoqBFwv/a6wNeA0o/ov9z6ue8gz9PY/9sxUsgt7N
+mMHvGwWg9/CXVxPTZyNjA5ViJUwG/wrl7Hd6Ri5kJqaUNMtX6uB9+BXfFLkUn8Q
Kpv5aJqNL+N3osUfnMd4
=GSns
-----END PGP SIGNATURE-----
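Anyone folding a reply like the one above into a vulnerability tracker ends up doing two things by hand: pairing each "Use CVE-..." line with the references quoted immediately before it, and eyeballing the reference URLs for mistakes such as the 41-digit commit hash the CVE team flagged. The script below is an added example, not code from MITRE, Debian or the ImageMagick project. SAMPLE is a constructed excerpt of the message in the same quoted layout (two of its blocks, one containing the commit URL with the stray '9'); the function names and the set of URL shapes it validates are my own choices.

```python
"""Turn a CVE-assignment reply into a CVE -> references map and sanity-check
the reference URLs. Added example; not MITRE's, Debian's or ImageMagick's code."""
import re

# Constructed excerpt of the message above, kept in its quoted layout.
SAMPLE = """\
> DOS due to corrupted DDS files:
> Debian Bug: https://bugs.debian.org/832944
> Additional references:
> ----------------------
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
> https://github.com/ImageMagick/ImageMagick/commit/93ab016764c7f787829d9065440d86f5609765110
> https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4

Use CVE-2015-8959 for this entire coders/dds.c report from 2015.


> potential DOS by not releasing memory:
> Debian Bug: https://bugs.debian.org/833101
> Additional references:
> ----------------------
> Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946

Use CVE-2016-7539.
"""

# An unquoted "Use CVE-YYYY-NNNN" line closes the run of quoted references above it.
ASSIGN_RE = re.compile(r"\bUse (CVE-\d{4}-\d{4,})\b")
URL_RE = re.compile(r"https?://\S+")

# Reference shapes this example knows how to validate; other hosts pass unchecked.
GITHUB_COMMIT_RE = re.compile(r"^https://github\.com/[^/]+/[^/]+/commit/([0-9a-fA-F]+)$")
GITHUB_ISSUE_RE = re.compile(r"^https://github\.com/[^/]+/[^/]+/(?:issues|pull)/\d+$")
DEBIAN_BUG_RE = re.compile(r"^https://bugs\.debian\.org/\d+$")
LAUNCHPAD_BUG_RE = re.compile(r"^https://bugs\.launchpad\.net/bugs/\d+$")


def parse_assignments(text):
    """Map each assigned CVE ID to the URLs quoted since the previous assignment.

    Quoted ('>') lines add their URLs to a pending list; the next unquoted
    "Use CVE-..." line takes ownership of that list. Unquoted commentary that
    names no CVE (the "We will assign separate CVE IDs" remarks) does not reset
    the list, so references quoted before such a remark carry forward to the
    next assignment, which matches how the message itself is read.
    """
    assignments = {}
    pending = []
    for line in text.splitlines():
        if line.startswith(">"):
            pending.extend(URL_RE.findall(line))
            continue
        match = ASSIGN_RE.search(line)
        if match:
            assignments[match.group(1)] = pending
            pending = []
    return assignments


def check_reference(url):
    """Return None if the URL is well-formed for its host, else a short reason."""
    commit = GITHUB_COMMIT_RE.match(url)
    if commit:
        sha = commit.group(1)
        # A full git object name is 40 hex digits; the message above caught a
        # 41-digit one caused by a stray leading '9'.
        if len(sha) != 40:
            return f"commit hash has {len(sha)} hex digits, expected 40"
        return None
    if url.startswith("https://github.com/") and not GITHUB_ISSUE_RE.match(url):
        return "unrecognised GitHub URL shape"
    if url.startswith("https://bugs.debian.org/") and not DEBIAN_BUG_RE.match(url):
        return "Debian bug URL is not a bare bug number"
    if url.startswith("https://bugs.launchpad.net/") and not LAUNCHPAD_BUG_RE.match(url):
        return "Launchpad bug URL is not /bugs/<number>"
    return None


def find_bad_references(assignments):
    """Return {cve_id: [(url, reason), ...]} for every CVE with a malformed reference."""
    bad = {}
    for cve_id, urls in assignments.items():
        problems = [(u, check_reference(u)) for u in urls]
        problems = [(u, r) for u, r in problems if r is not None]
        if problems:
            bad[cve_id] = problems
    return bad


if __name__ == "__main__":
    parsed = parse_assignments(SAMPLE)
    for cve_id, urls in parsed.items():
        print(cve_id, len(urls), "references")
    for cve_id, problems in find_bad_references(parsed).items():
        for url, reason in problems:
            print(f"{cve_id}: {reason}: {url}")
```

Run against the constructed excerpt it reports CVE-2015-8959 with four references and CVE-2016-7539 with three, and flags only the 41-digit commit hash. To run it over the whole message, paste the message body in place of SAMPLE; the hash-length check is the one that catches copy-and-paste damage, while the host-specific patterns mostly catch truncated or wrapped URLs.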