Bug 1610620 (CVE-2018-14551)

Summary: CVE-2018-14551 ImageMagick: Uninitialized variable in coders/mat.c:ReadMATImageV4() allows for memory corruption
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jhorak, mike, pahan, sfowler
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ImageMagick 6.9.10-8, ImageMagick 7.0.8-8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:34:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1610622, 1610623    
Bug Blocks: 1610624    

Description Sam Fowler 2018-08-01 04:24:51 UTC
The ReadMATImageV4 function in coders/mat.c in ImageMagick before versions 6.9.10-8 and 7.0.8-8 uses an uninitialized variable, leading to memory corruption.


Upstream Issue:

https://github.com/ImageMagick/ImageMagick/issues/1221


Upstream Patches:

https://github.com/ImageMagick/ImageMagick6/commit/db7a4be592328af06d776ce3bab24b8c6de5be20
https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101

Comment 1 Sam Fowler 2018-08-01 04:25:13 UTC
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1610622]

Comment 3 Stefan Cornelius 2018-08-02 11:01:18 UTC
RHEL does not have this function. Upstream has it since https://github.com/ImageMagick/ImageMagick6/commit/e806bc5559474b19114faf235266dbb8f6b206ee

Comment 4 Stefan Cornelius 2018-08-02 11:01:28 UTC
Statement:

This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.