Bug 130807 - CAN-2004-0827 heap overflow in BMP decoder
Summary: CAN-2004-0827 heap overflow in BMP decoder
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: ImageMagick   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jonathan Blandford
QA Contact: Mike McLean
URL:
Whiteboard: impact=important,public=20041111
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-08-24 20:28 UTC by Josh Bressers
Modified: 2013-04-02 04:19 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-01 09:07:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
More comprehensive patch (2.82 KB, patch)
2004-11-16 07:45 UTC, David Eisenstein
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:480 normal SHIPPED_LIVE Important: ImageMagick security update 2004-10-20 04:00:00 UTC
Red Hat Product Errata RHSA-2004:494 normal SHIPPED_LIVE Important: ImageMagick security update 2004-10-20 04:00:00 UTC
Red Hat Product Errata RHSA-2004:636 normal SHIPPED_LIVE Important: ImageMagick security update 2004-12-08 05:00:00 UTC

Description Josh Bressers 2004-08-24 20:28:57 UTC
A heap overflow has been discovered in the ImageMagick BMP decoder. 
The demo BMP file is the same one which affected QT.


The demo image is attachment 102533 [details].

This issue also affects RHEL2.1

Fedora Core is being hadled by bug 130806

Comment 1 Josh Bressers 2004-08-24 20:30:13 UTC
The patch for this issue is attachment 103039 [details]

Comment 2 Jonathan Blandford 2004-09-14 21:59:46 UTC
I built these into errata-candidate.

Comment 3 Josh Bressers 2004-10-20 19:13:59 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-494.html


Comment 4 Josh Bressers 2004-10-20 19:34:09 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-480.html


Comment 5 David Eisenstein 2004-11-11 20:48:59 UTC
FYI, as in 
   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130806#c2 ,
you may wish to have a look at 
   https://bugzilla.fedora.us/show_bug.cgi?id=2052#c10

because the patch in comment #1 may not have caught all of
the vulnerabilities, if this was the only patch applied into
RHSA's 2004-494 and 2004-480.
      -David

Comment 6 Josh Bressers 2004-11-11 22:05:01 UTC
Our fix was obviously incomplete, we'll want to fix the correctly.

Comment 7 David Eisenstein 2004-11-16 07:45:47 UTC
Created attachment 106788 [details]
More comprehensive patch

FYI, here is a more comprehensive patch for this issue we've come up with over
on Fedora Legacy that we will soon be testing.	 -David

Comment 8 Mark J. Cox 2004-12-01 09:07:03 UTC
ImageMagic-6.0.7 seems to include these updated fixes in the upstream
version, which is part of RHEL4-re1129.0 -> resolving.


Note You need to log in before you can comment on or make changes to this bug.