Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1487714 - (CVE-2017-13769) CVE-2017-13769 ImageMagick: Improper input validation in WriteTHUMBNAILImage function in coders/thumbnail.c
CVE-2017-13769 ImageMagick: Improper input validation in WriteTHUMBNAILImage ...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170830,repor...
: Security
Depends On: 1487715
Blocks:
  Show dependency treegraph
 
Reported: 2017-09-01 13:25 EDT by Pedro Sampaio
Modified: 2017-09-05 10:44 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Pedro Sampaio 2017-09-01 13:25:32 EDT 
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 8.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.

WriteTHUMBNAILImage function, where an externally controllable value is being used as an index in the process of generating a thumbnail image can also lead to potential Buffer Overflow.

Upstream bug:

https://github.com/ImageMagick/ImageMagick/issues/705

Upstream patch:

https://github.com/ImageMagick/ImageMagick/commit/73e085bd8a77541fb9faf0584951783fdeac97f2
https://github.com/ImageMagick/ImageMagick/commit/457e63263de6f732785608504b6e607799ad3dd5
https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
Comment 1 Pedro Sampaio 2017-09-01 13:26:03 EDT 
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1487715]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.