1378776 – (CVE-2016-7539) CVE-2016-7539 ImageMagick: potential DOS by not releasing memory

Bug 1378776 (CVE-2016-7539) - CVE-2016-7539 ImageMagick: potential DOS by not releasing memory

Summary: CVE-2016-7539 ImageMagick: potential DOS by not releasing memory

Status:	CLOSED WONTFIX
Alias:	CVE-2016-7539
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=low,public=20160107,reported=2...
Keywords:	Security
Depends On:	1378790
Blocks:	1378785
TreeView+	depends on / blocked

Reported:	2016-09-23 08:58 UTC by Adam Mariš
Modified:	2016-09-27 16:44 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2016-09-27 16:44:46 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Adam Mariš 2016-09-23 08:58:24 UTC

Bug report(s):

http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
https://bugs.debian.org/833101

Upstream patch(es):

https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c

CVE assignment:

http://seclists.org/oss-sec/2016/q3/590

Comment 1 Adam Mariš 2016-09-23 09:37:02 UTC

Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1378790]

Comment 3 Stefan Cornelius 2016-09-27 16:42:32 UTC

Errors within the cache handling could lead to performance issues or temporary files not being removed correctly. This could result in a higher usage of resources than necessary, but ultimately is not that much of an issue.

Note You need to log in before you can comment on or make changes to this bug.