Bug 130807

Summary: CAN-2004-0827 heap overflow in BMP decoder
Product: Red Hat Enterprise Linux 3
Component: ImageMagick
Version: 3.0
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: high
Priority: medium
Keywords: Security
Reporter: Josh Bressers <bressers>
Assignee: Jonathan Blandford <jrb>
QA Contact: Mike McLean <mikem>
CC: ddumas, deisenst
Whiteboard: impact=important,public=20041111
Doc Type: Bug Fix
Last Closed: 2004-12-01 09:07:03 UTC
Attachments: More comprehensive patch (flags: none)

Description Josh Bressers 2004-08-24 20:28:57 UTC
A heap overflow has been discovered in the ImageMagick BMP decoder. 
The demo BMP file is the same one which affected QT.


The demo image is attachment 102533.

This issue also affects RHEL2.1

Fedora Core is being handled by bug 130806

Comment 1 Josh Bressers 2004-08-24 20:30:13 UTC
The patch for this issue is attachment 103039

Comment 2 Jonathan Blandford 2004-09-14 21:59:46 UTC
I built these into errata-candidate.

Comment 3 Josh Bressers 2004-10-20 19:13:59 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-494.html


Comment 4 Josh Bressers 2004-10-20 19:34:09 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-480.html


Comment 5 David Eisenstein 2004-11-11 20:48:59 UTC
FYI, as in 
   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130806#c2 ,
you may wish to have a look at 
   https://bugzilla.fedora.us/show_bug.cgi?id=2052#c10

because the patch in comment #1 may not have caught all of
the vulnerabilities, if this was the only patch applied into
RHSA's 2004-494 and 2004-480.
      -David

Comment 6 Josh Bressers 2004-11-11 22:05:01 UTC
Our fix was obviously incomplete; we'll want to fix this correctly.

Comment 7 David Eisenstein 2004-11-16 07:45:47 UTC
Created attachment 106788
More comprehensive patch

FYI, here is a more comprehensive patch for this issue we've come up with over
on Fedora Legacy that we will soon be testing.
      -David

Comment 8 Mark J. Cox 2004-12-01 09:07:03 UTC
ImageMagick-6.0.7 seems to include these updated fixes in the upstream
version, which is part of RHEL4-re1129.0 -> resolving.