Bug 1000693 (CVE-2016-7517)

Summary: VUL-0: CVE-2016-7517: ImageMagick: out-of-bounds read in coders/pict.c
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: vpereira
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:RedHat:CVE-2016-7517:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2016-09-23 10:53:06 UTC 
AddressSanitizer: heap-buffer-overflow READ of size 1 pict.c

References:
https://bugs.launchpad.net/bugs/1533449
https://github.com/ImageMagick/ImageMagick/issues/80
Comment 1 Swamp Workflow Management 2016-09-23 22:01:25 UTC 
bugbot adjusting priority
Comment 2 Petr Gajdos 2016-10-05 10:16:10 UTC 
There is a testcase in:

https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533449

but the results are similar to that in bug 1000692 except 13.2, where I can not manifest the issue with just running convert or running it under valgrind.


ImageMagick-6 commit:
https://github.com/ImageMagick/ImageMagick/commit/6e4b009f392b8f9d2dbfb4f8524143a10c3ce574

The code is everywhere, all versions of GraphicsMagick and ImageMagick considering affected.
Comment 3 Petr Gajdos 2016-10-13 13:40:06 UTC 
I believe all fixed.
Comment 4 Bernhard Wiedemann 2016-10-13 14:01:37 UTC 
This is an autogenerated message for OBS integration:
This bug (1000693) was mentioned in
https://build.opensuse.org/request/show/434745 13.2 / GraphicsMagick
https://build.opensuse.org/request/show/434746 13.2 / ImageMagick
https://build.opensuse.org/request/show/434747 42.1 / GraphicsMagick
Comment 6 Bernhard Wiedemann 2016-10-18 14:02:15 UTC 
This is an autogenerated message for OBS integration:
This bug (1000693) was mentioned in
https://build.opensuse.org/request/show/435919 42.1 / GraphicsMagick
Comment 8 Swamp Workflow Management 2016-10-26 12:07:57 UTC 
openSUSE-SU-2016:2641-1: An update that fixes 28 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1000399,1000434,1000436,1000689,1000690,1000691,1000692,1000693,1000695,1000698,1000700,1000702,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,985442,999673
CVE References: CVE-2015-8957,CVE-2015-8958,CVE-2016-5688,CVE-2016-6823,CVE-2016-7101,CVE-2016-7446,CVE-2016-7447,CVE-2016-7448,CVE-2016-7449,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7519,CVE-2016-7522,CVE-2016-7524,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE 13.2 (src):    GraphicsMagick-1.3.20-12.1
Comment 9 Swamp Workflow Management 2016-10-26 12:16:50 UTC 
openSUSE-SU-2016:2644-1: An update that fixes 23 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1000399,1000434,1000689,1000693,1000695,1000698,1000700,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,999673
CVE References: CVE-2016-5688,CVE-2016-6823,CVE-2016-7101,CVE-2016-7446,CVE-2016-7447,CVE-2016-7448,CVE-2016-7449,CVE-2016-7515,CVE-2016-7517,CVE-2016-7519,CVE-2016-7522,CVE-2016-7524,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE Leap 42.1 (src):    GraphicsMagick-1.3.21-14.1
Comment 10 Swamp Workflow Management 2016-10-28 16:09:00 UTC 
SUSE-SU-2016:2667-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000702,1000703,1000704,1000706,1000707,1000708,1000709,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Server 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ImageMagick-6.8.8.1-40.1
Comment 11 Swamp Workflow Management 2016-10-28 19:07:58 UTC 
openSUSE-SU-2016:2671-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000703,1000704,1000706,1000707,1000708,1000709,1000710,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7536,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE 13.2 (src):    ImageMagick-6.8.9.8-34.1
Comment 12 Swamp Workflow Management 2016-11-04 14:08:43 UTC 
SUSE-SU-2016:2724-1: An update that fixes 26 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1000399,1000434,1000436,1000689,1000690,1000691,1000692,1000693,1000695,1000698,1000700,1000704,1000707,1000711,1001066,1001221,1002206,1002209,1002422,1003629,1005123,1005125,1005127,999673
CVE References: CVE-2015-8957,CVE-2015-8958,CVE-2016-6823,CVE-2016-7101,CVE-2016-7446,CVE-2016-7447,CVE-2016-7448,CVE-2016-7449,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7519,CVE-2016-7522,CVE-2016-7524,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7531,CVE-2016-7533,CVE-2016-7537,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.46.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.46.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.46.1
Comment 13 Swamp Workflow Management 2016-11-10 16:15:00 UTC 
openSUSE-SU-2016:2770-1: An update that solves 41 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1000394,1000399,1000434,1000436,1000686,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000696,1000697,1000698,1000699,1000700,1000701,1000702,1000703,1000704,1000706,1000707,1000708,1000709,1000711,1000712,1000713,1000714,1000715,1001066,1001221,1002206,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1005328
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-6823,CVE-2016-7101,CVE-2016-7513,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7520,CVE-2016-7521,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7532,CVE-2016-7533,CVE-2016-7534,CVE-2016-7535,CVE-2016-7537,CVE-2016-7538,CVE-2016-7539,CVE-2016-7540,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8677,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684
Sources used:
openSUSE Leap 42.1 (src):    ImageMagick-6.8.8.1-21.1
Comment 14 Swamp Workflow Management 2016-12-01 17:09:21 UTC 
SUSE-SU-2016:2964-1: An update that fixes 34 vulnerabilities is now available.

Category: security (important)
Bug References: 1000399,1000434,1000436,1000688,1000689,1000690,1000691,1000692,1000693,1000694,1000695,1000698,1000699,1000700,1000701,1000703,1000704,1000707,1000709,1000711,1000713,1000714,1001066,1001221,1002209,1002421,1002422,1003629,1005123,1005125,1005127,1007245
CVE References: CVE-2014-9907,CVE-2015-8957,CVE-2015-8958,CVE-2015-8959,CVE-2016-5687,CVE-2016-6823,CVE-2016-7101,CVE-2016-7514,CVE-2016-7515,CVE-2016-7516,CVE-2016-7517,CVE-2016-7518,CVE-2016-7519,CVE-2016-7522,CVE-2016-7523,CVE-2016-7524,CVE-2016-7525,CVE-2016-7526,CVE-2016-7527,CVE-2016-7528,CVE-2016-7529,CVE-2016-7530,CVE-2016-7531,CVE-2016-7533,CVE-2016-7535,CVE-2016-7537,CVE-2016-7799,CVE-2016-7800,CVE-2016-7996,CVE-2016-7997,CVE-2016-8682,CVE-2016-8683,CVE-2016-8684,CVE-2016-8862
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.54.1
Comment 15 Marcus Meissner 2016-12-22 12:17:17 UTC 
released