Bug 807997 (CVE-2012-1798)

Summary: CVE-2012-1798 ImageMagick: Out-of-bounds buffer read by copying image bytes for TIFF images with crafted TIFF EXIF IFD value
Product: [Other] Security Response Reporter: Stefan Cornelius <scorneli>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jlieskov, kem, nmurray, pahan, rrosario, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 21:52:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 796844, 796845, 808159    
Bug Blocks: 789444    

Description Stefan Cornelius 2012-03-29 10:11:31 UTC 
An out-of-bounds buffer read flaw was found in the way ImageMagick, an image display and manipulation tool for the X Window System, retrieved source memory location by attempt to copy image bytes for certain TIFF image files. A remote attacker could provide a TIFF image with specially-crafted value of Exif IFD (set of tags for recording Exif-specific attribute information), which once opened in some ImageMagick tool would lead to the crash of that tool (denial of service).

[1] http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629
Comment 1 Jan Lieskovsky 2012-03-29 17:05:27 UTC 
Acknowledgements:

Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's CROSS project as the original reporters.
Comment 2 Jan Lieskovsky 2012-03-29 17:31:27 UTC 
This issue affects the versions of the ImageMagick package, as shipped with Fedora release of 15 and 16.
Comment 3 Jan Lieskovsky 2012-03-29 17:40:16 UTC 
Public now via:
[2] http://www.cert.fi/en/reports/2012/vulnerability635606.html
Comment 4 Jan Lieskovsky 2012-03-29 17:44:01 UTC 
Created ImageMagick tracking bugs for this issue

Affects: fedora-all [bug 808159]
Comment 5 Stefan Cornelius 2012-03-30 11:58:56 UTC 
This issue affects the versions of the ImageMagick package, as shipped with Red Hat Enterprise Linux 6.
Comment 6 Pavel Alexeev 2012-04-11 13:29:15 UTC 
Rawhide build which should fix it http://koji.fedoraproject.org/koji/taskinfo?taskID=3977291.
Comment 7 errata-xmlrpc 2012-05-07 18:51:35 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0544 https://rhn.redhat.com/errata/RHSA-2012-0544.html