This repository has been archived by the owner on Feb 7, 2024. It is now read-only.
Identify if we have the software, in 16.09, 17.03, and unstable. Then determine if we are vulnerable, and make a comment with your findings. It can also be helpful to specify if you think there is a patch, or if it can be fixed via a general update.
Example:
unstable: we are not vulnerable (link to the package)
17.03: we are vulnerable (link to the package)
16.09: we don't have it packaged
IMPORTANT: If you believe there are possibly related issues, bring them up on the parent issue!
Patching
Start by commenting on this issue saying you're working on a patch. This way, we don't duplicate work.
If you open a pull request, tag this issue and the master issue for the roundup.
If you commit the patch directly to a branch, please leave a comment on this issue with the branch and the commit hash, example:
Thu, 23 Feb 2017 21:18:17 -0600 (CST) Bob Friesenhahn <bfriesen-at-simple.dallas.tx.us>, alpine.GSO.2.20.1702232109380.9710@freddy.simplesystems.org
GraphicsMagick versions up to 1.3.25 encounter a write beyond an
allocated heap buffer when reading CMYKA TIFF files which claim to
offer fewer samples per pixel than required.
This is the tiffinfo description of the problematic TIFF file:
TIFF Directory at offset 0x808 (2056)
Image Width: 34 Image Length: 48
Bits/Sample: 8
Sample Format: unsigned integer
Compression Scheme: None
Photometric Interpretation: separated
Extra Samples: 1<unassoc-alpha>
Orientation: row 0 top, col 0 lhs
Samples/Pixel: 2
Rows/Strip: 32
Planar Configuration: single image plane
The fix for this is Mercurial changeset 14998:6156b4c2992d which may
be viewed at SourceForge via this link:
https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
A minimal patch to correct the problem is attached.
This issue was reported to us on February 15, 2017 by Valon Chu.
Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
tiff.c.patch
diff -r 0392c4305a43 -r 6156b4c2992d coders/tiff.c--- a/coders/tiff.c Sun Jan 29 10:04:57 2017 -0600+++ b/coders/tiff.c Thu Feb 23 21:06:50 2017 -0600@@ -1230,8 +1230,8 @@
case 0:
if (samples_per_pixel == 1)
*quantum_type=GrayQuantum;
- else- *quantum_type=RedQuantum;+ else+ *quantum_type=RedQuantum;
break;
case 1:
*quantum_type=GreenQuantum;
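Review bot: The removed and added `else` / `*quantum_type=RedQuantum;` lines in `case 0` read identically here, so this looks like a whitespace-only change. For a patch described as minimal, consider leaving it out or committing it separately, so that anyone backporting the fix carries only the `samples_per_pixel` checks.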
@@ -1411,12 +1411,12 @@
}
else
{
- if (image->matte)+ if (image->matte && samples_per_pixel >= 5)
{
*quantum_type=CMYKAQuantum;
*quantum_samples=5;
}
- else+ else if (samples_per_pixel >= 4)
{
*quantum_type=CMYKQuantum;
*quantum_samples=4;
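Review bot: With `else` changed to `else if (samples_per_pixel >= 4)`, a file declaring fewer than four samples now matches neither branch, and no fallback `else` is visible in this hunk, so `*quantum_type` and `*quantum_samples` are not assigned on that path. Confirm that the function reports failure there and that the caller checks the result before using either value, or add an explicit `else` that rejects the image. Also, `image->matte` with exactly four samples now falls through to `CMYKQuantum` while `image->matte` stays set; a short comment stating that this is intended would help.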
Fri, 24 Feb 2017 08:23:21 -0600 (CST) Bob Friesenhahn <bfriesen-at-simple.dallas.tx.us>, alpine.GSO.2.20.1702240821470.9710@freddy.simplesystems.org
I would like to amend this report in that the situation is a read
beyond an allocated heap buffer rather than a write beyond the end of
an allocated heap buffer as was originally reported. The application
may crash but should not be otherwise compromised.
Bob
On Thu, 23 Feb 2017, Bob Friesenhahn wrote:
> GraphicsMagick versions up to 1.3.25 encounter a write beyond an allocated
> heap buffer when reading CMYKA TIFF files which claim to offer fewer samples
> per pixel than required.
>
> This is the tiffinfo description of the problematic TIFF file:
>
> TIFF Directory at offset 0x808 (2056)
> Image Width: 34 Image Length: 48
> Bits/Sample: 8
> Sample Format: unsigned integer
> Compression Scheme: None
> Photometric Interpretation: separated
> Extra Samples: 1<unassoc-alpha>
> Orientation: row 0 top, col 0 lhs
> Samples/Pixel: 2
> Rows/Strip: 32
> Planar Configuration: single image plane
>
> The fix for this is Mercurial changeset 14998:6156b4c2992d which may be
> viewed at SourceForge via this link:
>
> https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
>
> A minimal patch to correct the problem is attached.
>
> This issue was reported to us on February 15, 2017 by Valon Chu.
>
> Bob
>
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Tue, 28 Feb 2017 08:19:36 -0600 (CST) Bob Friesenhahn <bfriesen-at-simple.dallas.tx.us>, alpine.GSO.2.20.1702280817550.12318@freddy.simplesystems.org
This problem has been issued CVE-2017-6335.
The original reporter has tried to post CVE-assignment information to
the list but the mail has not made it through yet.
Bob
On Fri, 24 Feb 2017, Bob Friesenhahn wrote:
> I would like to amend this report in that the situation is a read beyond an
> allocated heap buffer rather than a write beyond the end of an allocated heap
> buffer as was originally reported. The application may crash but should not
> be otherwise compromised.
>
> Bob
>
> On Thu, 23 Feb 2017, Bob Friesenhahn wrote:
>
>> GraphicsMagick versions up to 1.3.25 encounter a write beyond an allocated
>> heap buffer when reading CMYKA TIFF files which claim to offer fewer
>> samples per pixel than required.
>>
>> This is the tiffinfo description of the problematic TIFF file:
>>
>> TIFF Directory at offset 0x808 (2056)
>> Image Width: 34 Image Length: 48
>> Bits/Sample: 8
>> Sample Format: unsigned integer
>> Compression Scheme: None
>> Photometric Interpretation: separated
>> Extra Samples: 1<unassoc-alpha>
>> Orientation: row 0 top, col 0 lhs
>> Samples/Pixel: 2
>> Rows/Strip: 32
>> Planar Configuration: single image plane
>>
>> The fix for this is Mercurial changeset 14998:6156b4c2992d which may be
>> viewed at SourceForge via this link:
>>
>> https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
>>
>> A minimal patch to correct the problem is attached.
>>
>> This issue was reported to us on February 15, 2017 by Valon Chu.
>>
>> Bob
>>
>
>
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
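A triage check for the condition described in the first message of the thread above, as an added example that is not part of the original thread or of GraphicsMagick: it parses `tiffinfo` output and flags a "separated" directory that declares fewer samples per pixel than the guards in the patch require. The function names are illustrative, and treating an alpha entry under Extra Samples as equivalent to `image->matte` is an assumption.

```python
# Added example. Thresholds mirror the guards in the patch above:
# CMYK needs >= 4 samples per pixel, CMYK plus alpha needs >= 5.
CMYK_SAMPLES, CMYKA_SAMPLES = 4, 5

# The tiffinfo listing quoted in the report, embedded as sample input.
SAMPLE_TIFFINFO = """\
TIFF Directory at offset 0x808 (2056)
  Image Width: 34 Image Length: 48
  Bits/Sample: 8
  Sample Format: unsigned integer
  Compression Scheme: None
  Photometric Interpretation: separated
  Extra Samples: 1<unassoc-alpha>
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 2
  Rows/Strip: 32
  Planar Configuration: single image plane
"""


def parse_directories(text):
    """Split tiffinfo output into one {field: value} dict per TIFF directory."""
    dirs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("TIFF Directory"):
            dirs.append({})
        elif dirs and ": " in line:
            key, value = line.split(": ", 1)
            dirs[-1][key] = value.strip()
    return dirs


def check_directory(fields):
    """Return a finding for a separated image with too few samples, else None."""
    if fields.get("Photometric Interpretation") != "separated":
        return None
    spp = fields.get("Samples/Pixel", "")
    if not spp.isdigit():
        return "separated image with unreadable Samples/Pixel"
    # Assumption: an alpha entry in Extra Samples is what sets image->matte.
    has_alpha = "alpha" in fields.get("Extra Samples", "")
    needed = CMYKA_SAMPLES if has_alpha else CMYK_SAMPLES
    if int(spp) < needed:
        return f"separated image declares {spp} samples/pixel, needs {needed}"
    return None


def scan(text):
    """Return the findings for every directory in a tiffinfo listing."""
    return [f for f in map(check_directory, parse_directories(text)) if f]
```

Calling `scan()` on the output of `tiffinfo` for files in an upload or conversion queue gives a quick list of inputs to hold back on hosts that still run an unpatched GraphicsMagick.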
Here is a report from the oss-security mailing list for Vulnerability Roundup 27.
Upon Completion ...
Info
Triage Indicator:
Should the search term be changed from graphicsmagick? Suggest a new package search by commenting:
Known CVEs: CVE-2017-6335