Hide Forgot
Multiple security issues were found in ImageMagick 6.9.2. Memory Leak while handle psd file http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791 IM 6.9.2 crash with some PNG http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 Prevent null pointer access in magick/constitute.c https://github.com/ImageMagick/ImageMagick/pull/34 PixelColor off by one on i386 https://github.com/ImageMagick/ImageMagick/issues/54 Fixed memory leak when reading incorrect PSD files https://github.com/ImageMagick/ImageMagick/commit/bd9f1e7d1bd2c8e2cf7895d133c5c5b5cd3526b6
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1326835]
Patches: Memory Leak while handle psd file http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791 Patch: https://github.com/ImageMagick/ImageMagick/commit/c848729aee3599c5bb859974180de02f9e8f49b1 IM 6.9.2 crash with some PNG http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 http://git.imagemagick.org/repos/ImageMagick/commit/e00cf211070e7f150a3da77932b8620c89bb9225 Prevent null pointer access in magick/constitute.c https://github.com/ImageMagick/ImageMagick/pull/34 https://github.com/ImageMagick/ImageMagick/pull/34/commits/aa785715d46f2b18b60c652a177c57bc8f0a0a68 PixelColor off by one on i386 https://github.com/ImageMagick/ImageMagick/issues/54 (the PixelColor issue does not appear to be security relevant) Fixed memory leak when reading incorrect PSD files https://github.com/ImageMagick/ImageMagick/commit/bd9f1e7d1bd2c8e2cf7895d133c5c5b5cd3526b6
(In reply to Stefan Cornelius from comment #2) > Prevent null pointer access in magick/constitute.c > https://github.com/ImageMagick/ImageMagick/pull/34 > https://github.com/ImageMagick/ImageMagick/pull/34/commits/ > aa785715d46f2b18b60c652a177c57bc8f0a0a68 > This issue was assigned CVE-2015-8898 in: http://seclists.org/oss-sec/2016/q2/459
(In reply to Stefan Cornelius from comment #2) > IM 6.9.2 crash with some PNG > http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 > http://git.imagemagick.org/repos/ImageMagick/commit/ > e00cf211070e7f150a3da77932b8620c89bb9225 > And this one is CVE-2015-8897, marked as 'Out of bounds error in SpliceImage' in: http://seclists.org/oss-sec/2016/q2/459
CVE-2015-8897 has been moved out to bug #1344271: https://bugzilla.redhat.com/1344271 CVE-2015-8898 has been moved out to bug #1344264: https://bugzilla.redhat.com/1344264 * Memory Leak while handle psd file http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28791 Patch: https://github.com/ImageMagick/ImageMagick/commit/c848729aee3599c5bb859974180de02f9e8f49b1 This issue does not affect RHEL6 and 7. * PixelColor off by one on i386 https://github.com/ImageMagick/ImageMagick/issues/54 This issue does not appear to have any security impact. * Fixed memory leak when reading incorrect PSD files https://github.com/ImageMagick/ImageMagick/commit/bd9f1e7d1bd2c8e2cf7895d133c5c5b5cd3526b6 This issue affects RHEL 6 and 7, but it's only a small memory leak.