Bug 1036990 – VUL-1: CVE-2017-8355: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c)

Bug 1036990 - (CVE-2017-8355) VUL-1: CVE-2017-8355: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c)

(CVE-2017-8355)
Summary:	VUL-1: CVE-2017-8355: ImageMagick, GraphicsMagick: denial of service (memory ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	unspecified
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2017-8355:4.3:(AV:N/A...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-04-30 20:48 UTC by Mikhail Kasimov
Modified:	2017-08-11 12:47 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2017-8355_memory-leak-in-ReadMTVImage-11 (509 bytes, application/octet-stream) 2017-04-30 20:48 UTC, Mikhail Kasimov	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mikhail Kasimov 2017-04-30 20:48:21 UTC

Created attachment 723264 [details]
CVE-2017-8355_memory-leak-in-ReadMTVImage-11

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8355
===================================================
Description

In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.

Source:  MITRE      Last Modified:  04/30/2017
===================================================

Hyperlink

[1] https://github.com/ImageMagick/ImageMagick/issues/450

[2] Testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadMTVImage-11.mtv

[3] https://github.com/ImageMagick/ImageMagick/commit/f0649393346ecd85cf602f8903f8f45b6e796b84 (master)

[4] https://github.com/ImageMagick/ImageMagick/commit/d22fd1ff6b41dc81369e255fab81e409049a6e15 (ImageMagick-6)


(open-)SUSE: https://software.opensuse.org/package/ImageMagick

7.0.5.4 (TW, official repo)
6.8.8.1 (42.{1,2}, official repo)

Comment 1 Petr Gajdos 2017-05-15 13:40:45 UTC

Tested with 12/ImageMagick:

BEFORE

$ valgrind --leak-check=full identify memory-leak-in-ReadMTVImage-11.mtv
[..]
==21852== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
$

One of the valgrind error is a leak error. For 11/ImageMagick and */GraphicsMagick I get just the leak error.

AFTER

$ valgrind --leak-check=full identify memory-leak-in-ReadMTVImage-11.mtv
[..]
==3215== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
$

(leak error vanished)

Similarly for other codestreams.

Affected: all ImageMagick and GraphicsMagick versions

Comment 2 Petr Gajdos 2017-05-17 15:12:57 UTC

I believe all fixed.

Comment 4 Bernhard Wiedemann 2017-05-17 16:04:04 UTC

This is an autogenerated message for OBS integration:
This bug (1036990) was mentioned in
https://build.opensuse.org/request/show/495650 42.2 / GraphicsMagick

Comment 6 Swamp Workflow Management 2017-05-26 10:09:20 UTC

openSUSE-SU-2017:1413-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1036985,1036986,1036988,1036990
CVE References: CVE-2017-8350,CVE-2017-8351,CVE-2017-8353,CVE-2017-8355
Sources used:
openSUSE Leap 42.2 (src):    GraphicsMagick-1.3.25-11.6.1

Comment 9 Swamp Workflow Management 2017-06-06 16:13:46 UTC

SUSE-SU-2017:1489-1: An update that fixes 27 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1028075,1033091,1034870,1034872,1034876,1036976,1036977,1036978,1036980,1036981,1036982,1036983,1036984,1036985,1036986,1036987,1036988,1036989,1036990,1036991,1037527,1038000,1040025,1040303,1040304,1040306,1040332
CVE References: CVE-2017-6502,CVE-2017-7606,CVE-2017-7941,CVE-2017-7942,CVE-2017-7943,CVE-2017-8343,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8347,CVE-2017-8348,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8354,CVE-2017-8355,CVE-2017-8356,CVE-2017-8357,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9141,CVE-2017-9142,CVE-2017-9143,CVE-2017-9144
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Server 12-SP2 (src):    ImageMagick-6.8.8.1-70.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ImageMagick-6.8.8.1-70.1

Comment 11 Swamp Workflow Management 2017-06-14 13:13:38 UTC

openSUSE-SU-2017:1560-1: An update that fixes 27 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1028075,1033091,1034870,1034872,1034876,1036976,1036977,1036978,1036980,1036981,1036982,1036983,1036984,1036985,1036986,1036987,1036988,1036989,1036990,1036991,1037527,1038000,1040025,1040303,1040304,1040306,1040332
CVE References: CVE-2017-6502,CVE-2017-7606,CVE-2017-7941,CVE-2017-7942,CVE-2017-7943,CVE-2017-8343,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8347,CVE-2017-8348,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8354,CVE-2017-8355,CVE-2017-8356,CVE-2017-8357,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9141,CVE-2017-9142,CVE-2017-9143,CVE-2017-9144
Sources used:
openSUSE Leap 42.2 (src):    ImageMagick-6.8.8.1-30.3.1

Comment 12 Swamp Workflow Management 2017-06-19 10:12:26 UTC

SUSE-SU-2017:1599-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033091,1034870,1034872,1034876,1036976,1036978,1036980,1036981,1036983,1036984,1036985,1036986,1036987,1036988,1036989,1036990,1037527,1038000,1040025,1040303,1040304,1040306,1040332
CVE References: CVE-2014-9846,CVE-2016-10050,CVE-2017-7606,CVE-2017-7941,CVE-2017-7942,CVE-2017-7943,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8348,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8354,CVE-2017-8355,CVE-2017-8357,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9141,CVE-2017-9142,CVE-2017-9143,CVE-2017-9144
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    ImageMagick-6.4.3.6-7.77.1
SUSE Linux Enterprise Server 11-SP4 (src):    ImageMagick-6.4.3.6-7.77.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ImageMagick-6.4.3.6-7.77.1

Comment 13 Swamp Workflow Management 2017-06-19 13:11:40 UTC

SUSE-SU-2017:1600-1: An update that fixes 17 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033091,1034876,1036978,1036980,1036981,1036984,1036985,1036986,1036987,1036988,1036990,1037527,1038000,1040025,1040304,1040332,984144
CVE References: CVE-2014-9847,CVE-2017-7606,CVE-2017-7941,CVE-2017-8344,CVE-2017-8345,CVE-2017-8346,CVE-2017-8349,CVE-2017-8350,CVE-2017-8351,CVE-2017-8352,CVE-2017-8353,CVE-2017-8355,CVE-2017-8765,CVE-2017-8830,CVE-2017-9098,CVE-2017-9142,CVE-2017-9144
Sources used:
SUSE Studio Onsite 1.3 (src):    GraphicsMagick-1.2.5-4.77.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    GraphicsMagick-1.2.5-4.77.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    GraphicsMagick-1.2.5-4.77.1

Comment 14 Marcus Meissner 2017-06-20 08:09:39 UTC

releaed

Comment 15 Petr Gajdos 2017-08-09 09:16:06 UTC

This bug seem to be still present in GraphicsMagick 15108:19f1771574cc.

Comment 16 Petr Gajdos 2017-08-09 09:27:36 UTC

GraphicsMagick upstream notified.

Comment 17 Petr Gajdos 2017-08-11 12:47:14 UTC

Upstream added a fix into mercurial repo.