Message-ID: <CADh9TwLptrnPz_4vjkvJWmH8wOWhqD0brLPQmvizzQ1QvFP56A@mail.gmail.com>
Date: Thu, 19 Dec 2019 11:26:09 +0800
From: GalyCannon <galycannon@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE requests: three vulnerabilities in ImageMagick

Hi,
   I have found three vulnerabilities in ImageMagick and all of these have been
patched by the ImageMagick developer team. However, I requested CVE IDs for
these vulnerabilities and got no response. How should I request CVE
IDs for vulnerabilities I found in ImageMagick now? Which CNA should I
contact to assign CVE IDs for open source software such as ImageMagick?
   The details of the three vulnerabilities are below.
    1. heap-buffer-overflow in WritePNGImage of png.c
[Suggested description]
In ImageMagick 7.0.8-43 and ImageMagick6 6.9.10-43, there is a
heap-buffer-overflow in the function WritePNGImage of png.c,
which allows remote attackers to cause arbitrary code execution, denial of
service or possibly have unspecified other impact via a crafted image file.
[Vendor of Product]
https://imagemagick.org
[Affected Component]
function WritePNGImage of png.c
[Attack Type]
Remote
[Attack Vectors]
magick convert $poc ./test.png
[Reference]
https://github.com/ImageMagick/ImageMagick/issues/1561
https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce
https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617

[Discoverer]
galycannon of JDCloud Security Team

   2. heap-buffer-overflow in WriteSGIImage of coders/sgi.c
[Suggested description]
In ImageMagick 7.0.8-43 and ImageMagick6 6.9.10-43, there is a
heap-buffer-overflow in the function WriteSGIImage of coders/sgi.c,
which allows remote attackers to cause arbitrary code execution, denial
of service or possibly have unspecified other impact via a crafted image
file.
[Vendor of Product]
https://imagemagick.org
[Affected Component]
function WriteSGIImage of coders/sgi.c
[Attack Type]
Remote
[Attack Vectors]
magick convert $poc ./test.sgi
[Reference]
https://github.com/ImageMagick/ImageMagick/issues/1562
https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c
https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54

[Discoverer]
galycannon of JDCloud Security Team

 3. heap-use-after-free in MngInfoDiscardObject of coders/png.c
[Suggested description]
In ImageMagick 7.0.9-7, there is a heap-use-after-free in the function
MngInfoDiscardObject of coders/png.c, which allows remote attackers to
cause arbitrary code execution, denial of service or possibly have
unspecified other impact via a crafted image file.
[Vendor of Product]
https://imagemagick.org
[Affected Component]
function MngInfoDiscardObject of coders/png.c
[Attack Type]
Remote
[Attack Vectors]
magick convert $poc /dev/null
[Reference]
https://github.com/ImageMagick/ImageMagick/issues/1791
https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c

[Discoverer]
galycannon of JDCloud Security Team

Regards,
galycannon
