Bug 345371
| Field | Value |
|---|---|
| Summary | Crash in ImageMagick's VIFF coder |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Lubomir Kundrak <lkundrak> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | bnocera, kreilly, nmurray |
| Hardware | All |
| OS | Linux |
| URL | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418054 |
| Doc Type | Bug Fix |
| Last Closed | 2007-12-05 15:32:36 UTC |

Description
Lubomir Kundrak
2007-10-22 15:19:43 UTC
Created attachment 234161
ImageMagic VIFF coder crasher 1
Created attachment 234171
ImageMagic VIFF coder crasher 2
RHEL-2.1: A NULL pointer dereference

```
bash-2.05# display segv.viff
Segmentation fault (core dumped)
bash-2.05#

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208125760 (LWP 17537)]
ReadVIFFImage (image_info=0x9f76b28, exception=0xbff124f0) at viff.c:626
626 indexes[x+bit]=(IndexPacket)
(gdb) print x+bit
$1 = 0
(gdb) print indexes
$2 = <value optimized out>
(gdb) print indexes[x+bit]
Cannot access memory at address 0x0
(gdb) bt
#0 ReadVIFFImage (image_info=0x9f76b28, exception=0xbff124f0) at viff.c:626
#1 0x0014669b in ReadImage (image_info=0x9f73a38, exception=0xbff124f0) at constitute.c:1889
#2 0x08049762 in main (argc=Cannot access memory at address 0x0
) at display.c:1355
(gdb)
```

RHEL-3: A warning

```
bash-2.05b# display segv.viff
display: Invalid colormap index (segv.viff).
<-- black windows pops up -->
```

RHEL-4: Another warning

```
bash-3.00# display segv.viff
display: pixel cache is not open `segv.viff'.
<-- black windows pops up -->
```

RHEL-5: ASSERT() fail

```
bash-3.1# display segv.viff
display: magick/cache.c:2383: GetNexus: Assertion `cache_info->number_views != 0UL' failed.
Aborted (core dumped)
bash-3.1#
```

To me, only RHEL 2.1 presents a security risk. There are no injection possibilities with RHEL3, 4 or 5.

We are not fixing this. It's just a NULL dereference in 2.1.