
List:       oss-security
Subject:    [oss-security] Re: Stack overflow in imagemagick coders/tiff.c
From:       Bastien Roucariès <rouca () debian ! org>
Date:       2023-05-29 17:15:31
Message-ID: 5992983.lOV4Wx5bFT () portable-bastien


On Monday 29 May 2023, 08:11:18 UTC, Bastien Roucariès wrote:
Hi, following this bug I will also request a few other CVEs for the ImageMagick TIFF coder (BTW, cc me, I am not subscribed).

> Hi,

CVE#0
> 
> Reading the changelog and code of ImageMagick, I want to report a stack overflow with a crafted TIFF file in ImageMagick.
> Fixed (after 6.9.12-26) by:
> https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023
> 
> Original reporter was Muhammad Aldo Firmansyah
> 
> Thanks 
> 
> Bastien (rouca)

CVE#1

commit 7dbefda1c14e32d7bc4d3762a3a54f3ddaa85dd1
Author: Dirk Lemstra <dirk@lemstra.org>
Date:   Sat Feb 19 07:46:46 2022 +0100

    Raise exception when image could not be read but no exception was raised.
    
    Bail out in case of corrupted image
    
    https://github.com/ImageMagick/ImageMagick6/commit/3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b
    (cherry picked from commit 3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b)


CVE#2

commit 08f1e56a006d939dc85ddfab29e85579a65f4943
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Fri Feb 11 10:46:49 2022 -0500

    Fix uninitialised value
    
    bug: https://github.com/ImageMagick/ImageMagick/issues/4830
    origin:  https://github.com/ImageMagick/ImageMagick6/commit/409d42205927c98cbb852ca96e109716f38f04ab


CVE#3

commit fb2beb87936fc0155431f655a937e869a86edf16
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Thu Mar 17 15:02:49 2022 -0400

    Fix buffer overrun in TIFF coder
    
    bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42549
    origin: https://github.com/ImageMagick/ImageMagick6/commit/de6ada9a068b01494bfb848024ed46942da9d238


commit 4e1a165888a6aa7230dbdd7c87f59aadd5dbedec
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Fri Dec 17 14:05:04 2021 -0500

    Fix buffer overrun in TIFF coder
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/add9cb14e14eef02806715d97abcf5d04a3e55dd


commit 1b899a81bfdfec4cbe1ec7458825c50f00144fdb
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sun Mar 14 07:44:52 2021 -0400

    Fix buffer overrun in TIFF coder
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/2204eb57ae00b005b39165a47b8984eac01600a5


CVE#4

commit 01669597f665868cf1e4ccf27ab6fcd52aadaa43
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Nov 6 09:01:26 2021 -0400

    early exit on exception
    
    In case of malformed tiff image bail early
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/b272acab91444f2115099fe51ee6c91bb4db5d50
    (cherry picked from commit b272acab91444f2115099fe51ee6c91bb4db5d50)


CVE#5

commit 506cdfbc6d246301be4b12ccdfc6d493c643deca
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Sat Sep 4 07:45:17 2021 -0400

    initialize buffer before calling TIFFGetField()
    
    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae


commit f4ac98518241b8074735314f27b7eb47ee823e57
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Fri Sep 3 19:45:32 2021 -0400

    Fix a non-initialized value passed to TIFFGetField()
    
    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae


CVE#6

commit 0c1a7d649cfc31ec53f0f5c20c0e793df2512ac5
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Mon Jul 26 13:38:45 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245
    origin: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea


commit b0c59a56625aaa3a9c13bfe4f88e287c38e062c9
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Mon Jul 26 13:26:21 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/35b88c9166bc1b3ce8893f52217bae00d8e2c532
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245

commit b7882f2795db4e4e8f578cbe712dc4b81a47113f
Author: Cristy <mikayla-grace@urban-warrior.org>
Date:   Mon Jul 26 13:08:57 2021 -0400

    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/e1fbcdf3aad96d51db65c1601117396eac665a6d
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245


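The CVE#5 commits above ("initialize buffer before calling TIFFGetField()") fix a pattern worth seeing in isolation: libtiff's TIFFGetField() writes its output argument only when the requested tag is present and returns 0 otherwise, so a caller that neither initialises the output nor checks the return value goes on to use an indeterminate stack value. The C below is an added, self-contained illustration of that contract and of the defensive reading pattern; it is not ImageMagick's or libtiff's code. `tiff_get_u32`, `strip_count`, `output_untouched_when_absent` and the sample tag tables are constructed stand-ins (the tag number 278 is the real TIFF RowsPerStrip tag).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a TIFF directory: a tiny tag table. Not libtiff. */
struct tiff_tag { uint32_t tag; uint32_t value; };
struct tiff_dir { const struct tiff_tag *tags; size_t count; };

#define TAG_ROWSPERSTRIP 278u   /* real TIFF tag number for RowsPerStrip */

/* Hypothetical helper modelling the TIFFGetField() contract: returns 1 and
 * writes *out only when the tag is present; returns 0 and leaves *out
 * untouched otherwise. A caller that ignores the return value and never
 * initialised *out ends up using an indeterminate value. */
static int tiff_get_u32(const struct tiff_dir *d, uint32_t tag, uint32_t *out)
{
    for (size_t i = 0; i < d->count; i++) {
        if (d->tags[i].tag == tag) {
            *out = d->tags[i].value;
            return 1;
        }
    }
    return 0;
}

/* Constructed sample directories (not taken from any real file). */
static const struct tiff_tag sample_tags_present[] = { { TAG_ROWSPERSTRIP, 16u } };
static const struct tiff_tag sample_tags_zero[]    = { { TAG_ROWSPERSTRIP, 0u } };
static const struct tiff_tag sample_tags_huge[]    = { { TAG_ROWSPERSTRIP, 0xFFFFFFFFu } };
static const struct tiff_dir dir_present = { sample_tags_present, 1 };
static const struct tiff_dir dir_zero    = { sample_tags_zero, 1 };
static const struct tiff_dir dir_huge    = { sample_tags_huge, 1 };
static const struct tiff_dir dir_absent  = { NULL, 0 };

/* Shows the hazard itself: with the tag absent, the output keeps whatever
 * was there before the call. A sentinel stands in for stack garbage.
 * Returns 1 if the sentinel survived the lookup untouched. */
static int output_untouched_when_absent(void)
{
    uint32_t v = 0xDEADBEEFu;
    (void)tiff_get_u32(&dir_absent, TAG_ROWSPERSTRIP, &v);
    return v == 0xDEADBEEFu;
}

/* Hardened reader: the output is initialised to a safe default before the
 * lookup, the return value is honoured, and the value is range-checked
 * before it feeds the strip-count arithmetic. Returns the number of strips,
 * or 0 when the directory is rejected. */
static uint32_t strip_count(const struct tiff_dir *d, uint32_t image_length)
{
    uint32_t rows_per_strip = image_length;        /* default: one strip */
    if (image_length == 0)
        return 0;                                  /* nothing to decode */
    if (tiff_get_u32(d, TAG_ROWSPERSTRIP, &rows_per_strip) == 0)
        rows_per_strip = image_length;             /* tag absent: keep the default */
    if (rows_per_strip == 0)
        return 0;                                  /* would divide by zero below */
    if (rows_per_strip > image_length)
        rows_per_strip = image_length;             /* clamp an oversized value */
    return (image_length - 1) / rows_per_strip + 1; /* ceiling division, no overflow */
}

int main(void)
{
    printf("tag present (16 rows/strip, 64 rows): %u strips\n", strip_count(&dir_present, 64));
    printf("tag absent: %u strips\n", strip_count(&dir_absent, 64));
    printf("tag zero: %u strips (rejected)\n", strip_count(&dir_zero, 64));
    printf("tag oversized: %u strips (clamped)\n", strip_count(&dir_huge, 64));
    printf("sentinel survived absent lookup: %d\n", output_untouched_when_absent());
    return 0;
}
```

The two defences are independent: initialising before the call removes the indeterminate read even if someone later drops the return-value check, and the range check stops a present-but-hostile tag value from reaching the arithmetic.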
