
Comment about commit https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11 #556

Closed
bastien-roucaries opened this issue Jul 9, 2017 · 7 comments

@bastien-roucaries

Could you comment and give a statement about the security of this commit?

@bastien-roucaries
Author

Also add commit 948356e#diff-f47d172f1a179e52a8b2c231847f32ef

@bastien-roucaries
Author

@bastien-roucaries
Author

@mikayla-grace

The JPEG coder patch is an extra precaution in the event that a JPEG scanline is short to prevent random bytes. This functionality is already covered if you enable this security policy:

<policy domain="system" name="memory-map" value="anonymous"/>

The check for blob size is a precaution against small JPEG images which could be corrupt but also could be possible exploits.

Enabling seekable streams is required to ensure checking the blob size works when an image is streamed on stdin. It was an oversight in the original patch.

The last patch prevents a possible memory leak in the event of a corrupt image.
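The following is an added illustration of the two defensive checks the comment above describes; it is constructed for this thread and is not code from ImageMagick's coders/jpeg.c. It models a row buffer that still holds stale contents (the constant STALE_BYTE stands in for leftover heap data), a short scanline copied into it with and without zero-filling the tail, and a minimum blob-length check in which a length of zero stands for "unknown, stream not seekable". The names and the MIN_BLOB_LENGTH threshold are assumptions, not ImageMagick's own values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not ImageMagick's code: shows why a short scanline
   must be zero-filled and why a blob of unknown or tiny size is rejected. */

#define STALE_BYTE 0xAA     /* marker standing in for leftover heap contents */
#define MIN_BLOB_LENGTH 64  /* assumed threshold; the real one lives in ImageMagick */

/* Before: copy whatever the decoder delivered and leave the rest of the row
   untouched, so a short scanline exposes whatever the buffer held before. */
size_t copy_scanline_unsafe(unsigned char *row, size_t width,
                            const unsigned char *decoded, size_t decoded_len)
{
  size_t n = decoded_len < width ? decoded_len : width;
  memcpy(row, decoded, n);
  return n;
}

/* After: same copy, but the unfilled tail of the row is set to zero. */
size_t copy_scanline_safe(unsigned char *row, size_t width,
                          const unsigned char *decoded, size_t decoded_len)
{
  size_t n = decoded_len < width ? decoded_len : width;
  memcpy(row, decoded, n);
  if (n < width)
    memset(row + n, 0, width - n);
  return n;
}

/* Minimum blob-size check. A length of 0 means "unknown" (for example an
   unbuffered, non-seekable stdin) and is rejected rather than trusted. */
int blob_length_acceptable(size_t blob_length)
{
  if (blob_length == 0)
    return 0;
  return blob_length >= MIN_BLOB_LENGTH;
}

/* Count bytes past the decoded prefix that still carry the stale marker. */
size_t stale_bytes_after(const unsigned char *row, size_t width, size_t decoded_len)
{
  size_t count = 0;
  for (size_t i = decoded_len; i < width; i++)
    if (row[i] == STALE_BYTE)
      count++;
  return count;
}

/* Run both versions on a constructed 6-of-16-byte scanline and return how
   many stale bytes the unsafe version leaks that the safe version does not. */
size_t demo_short_scanline(void)
{
  enum { WIDTH = 16 };
  unsigned char row[WIDTH];
  const unsigned char decoded[] = { 1, 2, 3, 4, 5, 6 };  /* constructed input */

  memset(row, STALE_BYTE, WIDTH);
  copy_scanline_unsafe(row, WIDTH, decoded, sizeof decoded);
  size_t stale_unsafe = stale_bytes_after(row, WIDTH, sizeof decoded);

  memset(row, STALE_BYTE, WIDTH);
  copy_scanline_safe(row, WIDTH, decoded, sizeof decoded);
  size_t stale_safe = stale_bytes_after(row, WIDTH, sizeof decoded);

  printf("stale bytes leaked: unsafe=%zu safe=%zu\n", stale_unsafe, stale_safe);
  return stale_unsafe - stale_safe;
}

int main(void)
{
  demo_short_scanline();
  printf("blob of 16 bytes accepted: %d\n", blob_length_acceptable(16));
  printf("blob of 4096 bytes accepted: %d\n", blob_length_acceptable(4096));
  return 0;
}
```

The memory-map policy mentioned above addresses the same leak from the other side: with anonymous mappings the pixel cache starts out zeroed, so a short scanline cannot expose earlier contents even in a coder that does not zero-fill. The blob-length check only works when the length is actually known, which is why the stream has to be seekable; a zero from the stream layer is treated here as a failed check, not as a valid small image.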

@bastien-roucaries
Author

Did you ask for a CVE?

@mikayla-grace

mikayla-grace commented Jul 10, 2017

No. The users posting these potential flaws to Github issues generally request and post a CVE.

@fgeek

fgeek commented Jul 19, 2017

Please use CVE-2017-11447 for:

The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.

which is fixed with commit 8c10b92.

Please use CVE-2017-11448 for:

The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

which is fixed with commit 1737ac8.

Please use CVE-2017-11449 for:

coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.

which is fixed with commits 529ff26 and b007dd3.

Please use CVE-2017-11450 for:

coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.

which is fixed with commit 948356e.
