Bug 1350459 (CVE-2016-5841)

Summary: CVE-2016-5841 ImageMagick: Integer overflow in MagickCore/profile.c
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abhgupta, dmcphers, ethan, jhorak, jialiu, jokerman, kseifried, lmeyer, mmccomas, nmurray, pahan, sardella, slawomir, tiwillia
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-18 09:49:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1350462    
Bug Blocks: 1350463    

Description Adam Mariš 2016-06-27 13:50:35 UTC 
An integer overflow vulnerability was found in MagickCore/property.c that can potentially lead to code execution.

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b

CVE request:

http://seclists.org/oss-sec/2016/q2/586
Comment 1 Adam Mariš 2016-06-27 14:00:46 UTC 
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1350462]
Comment 3 Stefan Cornelius 2016-08-18 09:49:23 UTC 
Although we do have affected code snippets, I could not find an attack vector to exploit this prior to the following commit:
https://github.com/ImageMagick/ImageMagick/commit/e9438e2a82d35b6657e908ff38ec0303f432b655

Statement:

This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.