Bug 844101 (CVE-2012-3437)
Summary: | CVE-2012-3437 ImageMagick: Magick_png_malloc() size argument | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED WONTFIX | QA Contact: | |||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | unspecified | CC: | kem, mfisher, mmcgrath, nmurray, pahan | ||||
Target Milestone: | --- | Keywords: | Reopened, Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-06-10 21:36:29 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 844103, 844104, 1165396 | ||||||
Bug Blocks: | 844110 | ||||||
Attachments: |
|
Description
Kurt Seifried
2012-07-28 22:52:20 UTC
Created ImageMagick tracking bugs for this issue Affects: fedora-all [bug 844103] Created attachment 600950 [details] Patch for CVE-2012-3437 from ImageMagick SVN (In reply to comment #3) > Created attachment 600950 [details] > Patch for CVE-2012-3437 from ImageMagick SVN If I right understand it is reverse patch, forward should be http://trac.imagemagick.org/changeset/8733/ImageMagick/trunk/coders/png.c ? ImageMagick-6.7.5.6-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. ImageMagick-6.7.0.10-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. OpenShift does not grant sufficient resources to any customer application for it to hold a 4GB PNG file in the filesystem or malloc that much memory. I'm deferring Bug 844104 for a fixed package in RHEL 6. Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. |