Bug 1378776 (CVE-2016-7539) - CVE-2016-7539 ImageMagick: potential DOS by not releasing memory
Summary: CVE-2016-7539 ImageMagick: potential DOS by not releasing memory
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-7539
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1378790
Blocks: 1378785
TreeView+ depends on / blocked
 
Reported: 2016-09-23 08:58 UTC by Adam Mariš
Modified: 2019-09-29 13:57 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-27 16:44:46 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Adam Mariš 2016-09-23 08:58:24 UTC 
Bug report(s):

http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
https://bugs.debian.org/833101

Upstream patch(es):

https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c

CVE assignment:

http://seclists.org/oss-sec/2016/q3/590
Comment 1 Adam Mariš 2016-09-23 09:37:02 UTC 
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1378790]
Comment 3 Stefan Cornelius 2016-09-27 16:42:32 UTC 
Errors within the cache handling could lead to performance issues or temporary files not being removed correctly. This could result in a higher usage of resources than necessary, but ultimately is not that much of an issue.
Note You need to log in before you can comment on or make changes to this bug.