Re: imagemagick: CVE-2019-13305/CVE-2019-13306

To: 931452@bugs.debian.org
Cc: 931449@bugs.debian.org, team@security.debian.org, debian-lts@lists.debian.org
Subject: Re: imagemagick: CVE-2019-13305/CVE-2019-13306
From: Hugo Lefeuvre <hle@debian.org>
Date: Fri, 9 Aug 2019 11:03:05 +0200
Message-id: <[🔎] 20190809090305.GA1888@behemoth.owl.eu.com.local>

Hi,

These issues are similar, both fixed by [0]. Upstream claims to have fixed
CVE-2019-13306 via [1] but this is wrong, [1] is reverted by [0].

I took some time to investigate this vulnerability. Unless I am mistaken,
this allows for arbitrary stack buffer overflow up to 10 bytes via pixel
luma values. My exploitation skills are limited, but this could be an
exploitable vulnerability.

I think this should be fixed, at least via point release?

regards,
Hugo

[0] https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
[1] https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA-1874-1] postgresql-9.4 security update
Next by Date: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}
Previous by thread: [SECURITY] [DLA-1874-1] postgresql-9.4 security update
Next by thread: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}
Index(es):
- Date
- Thread