Bug 1326834

Summary: ImageMagick: Multiple minor security issues in 6.9.2
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abhgupta, anemec, dmcphers, ethan, jhorak, jialiu, jokerman, kseifried, lmeyer, mmccomas, nmurray, pahan, slawomir, tiwillia
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-09 10:00:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1326835    
Bug Blocks: 1326836    

Description Adam Mariš 2016-04-13 13:40:10 UTC 
Multiple security issues were found in ImageMagick 6.9.2.

Memory Leak while handle psd file
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
IM 6.9.2 crash with some PNG
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
Prevent null pointer access in magick/constitute.c
https://github.com/ImageMagick/ImageMagick/pull/34
PixelColor off by one on i386
https://github.com/ImageMagick/ImageMagick/issues/54
Fixed memory leak when reading incorrect PSD files
https://github.com/ImageMagick/ImageMagick/commit/bd9f1e7d1bd2c8e2cf7895d133c5c5b5cd3526b6
Comment 1 Adam Mariš 2016-04-13 13:40:35 UTC 
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1326835]
Comment 2 Stefan Cornelius 2016-06-01 18:25:48 UTC 
Patches:

Memory Leak while handle psd file
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
Patch: https://github.com/ImageMagick/ImageMagick/commit/c848729aee3599c5bb859974180de02f9e8f49b1

IM 6.9.2 crash with some PNG
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
http://git.imagemagick.org/repos/ImageMagick/commit/e00cf211070e7f150a3da77932b8620c89bb9225

Prevent null pointer access in magick/constitute.c
https://github.com/ImageMagick/ImageMagick/pull/34
https://github.com/ImageMagick/ImageMagick/pull/34/commits/aa785715d46f2b18b60c652a177c57bc8f0a0a68

PixelColor off by one on i386
https://github.com/ImageMagick/ImageMagick/issues/54
(the PixelColor issue does not appear to be security relevant)

Fixed memory leak when reading incorrect PSD files
https://github.com/ImageMagick/ImageMagick/commit/bd9f1e7d1bd2c8e2cf7895d133c5c5b5cd3526b6
Comment 5 Martin Prpič 2016-06-07 11:39:38 UTC 
(In reply to Stefan Cornelius from comment #2)
> Prevent null pointer access in magick/constitute.c
> https://github.com/ImageMagick/ImageMagick/pull/34
> https://github.com/ImageMagick/ImageMagick/pull/34/commits/
> aa785715d46f2b18b60c652a177c57bc8f0a0a68
> 

This issue was assigned CVE-2015-8898 in:

http://seclists.org/oss-sec/2016/q2/459
Comment 6 Martin Prpič 2016-06-07 11:44:02 UTC 
(In reply to Stefan Cornelius from comment #2)
> IM 6.9.2 crash with some PNG
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
> http://git.imagemagick.org/repos/ImageMagick/commit/
> e00cf211070e7f150a3da77932b8620c89bb9225
> 

And this one is CVE-2015-8897, marked as 'Out of bounds error in SpliceImage' in:

http://seclists.org/oss-sec/2016/q2/459
Comment 8 Stefan Cornelius 2016-06-09 10:00:35 UTC 
CVE-2015-8897 has been moved out to bug #1344271:
https://bugzilla.redhat.com/1344271

CVE-2015-8898 has been moved out to bug #1344264:
https://bugzilla.redhat.com/1344264


* Memory Leak while handle psd file
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791
Patch: https://github.com/ImageMagick/ImageMagick/commit/c848729aee3599c5bb859974180de02f9e8f49b1
This issue does not affect RHEL6 and 7.

* PixelColor off by one on i386
https://github.com/ImageMagick/ImageMagick/issues/54
This issue does not appear to have any security impact.

* Fixed memory leak when reading incorrect PSD files
https://github.com/ImageMagick/ImageMagick/commit/bd9f1e7d1bd2c8e2cf7895d133c5c5b5cd3526b6
This issue affects RHEL 6 and 7, but it's only a small memory leak.