1549668 – (CVE-2018-7443) CVE-2018-7443 ImageMagick: Memory allocation failure in ReadTIFFImage function in memory.c

Bug 1549668 (CVE-2018-7443) - CVE-2018-7443 ImageMagick: Memory allocation failure in ReadTIFFImage function in memory.c

Summary: CVE-2018-7443 ImageMagick: Memory allocation failure in ReadTIFFImage functio...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2018-7443
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1549670
Blocks:
TreeView+	depends on / blocked

Reported:	2018-02-27 15:40 UTC by Laura Pardo
Modified:	2019-09-29 14:33 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 03:41:39 UTC
Embargoed:

Attachments	(Terms of Use)

Description Laura Pardo 2018-02-27 15:40:17 UTC

A flaw was found in ImageMagick. The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). 


References:
https://github.com/ImageMagick/ImageMagick/issues/999

Patches:
https://github.com/ImageMagick/ImageMagick/commit/5c0e1a31bc44829b1024ce599097f43285a05a42
https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f

Comment 1 Laura Pardo 2018-02-27 15:41:09 UTC

Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1549670]

Note You need to log in before you can comment on or make changes to this bug.