[Bug 1218248] Re: DoS: memory corruption while processing GIF comments.

Launchpad Bug Tracker 1218248 at bugs.launchpad.net
Tue Sep 10 14:04:18 UTC 2013


This bug was fixed in the package imagemagick - 8:6.7.7.10-5ubuntu3

---------------
imagemagick (8:6.7.7.10-5ubuntu3) saucy; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution in GIF
    image comment decoding (LP: #1218248)
    - debian/patches/CVE-2013-4298.patch: properly handle comments in
      coders/gif.c.
    - CVE-2013-4298
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Mon, 09 Sep 2013 14:49:08 -0400

** Changed in: imagemagick (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1218248

Title:
  DoS: memory corruption while processing GIF comments.

Status in “imagemagick” package in Ubuntu:
  Fix Released
Status in “imagemagick” package in Debian:
  Fix Released

Bug description:
  Memory corruption while processing GIF comments. As a result,
  malloc's private structures are corrupted, which causes SIGABRT and
  the application crashes.

  Here is a topic on the ImageMagick forum:
  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23921 .
  You can easily reproduce the problem with images from this topic.

  
  It was a problem with handling comments. The '\0' symbol was placed after the allocated memory buffer.
  To fix this problem, the raw memory handling functions were replaced with ConcatenateString.
  Original code that solves this problem: http://trac.imagemagick.org/changeset/8770/ImageMagick/trunk/coders/gif.c

  The patch that solves the problem is attached to this bug report and
  was tested at Yandex.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1218248/+subscriptions
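
The failure the bug description names (a terminating '\0' stored past the end of the comment buffer) can be shown with a small GIF comment reader that sizes its buffer to include the terminator. This is an added example, not the attached patch and not ImageMagick code; gif_read_comment and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not ImageMagick code; names are hypothetical.
 * data points just past the 0x21 0xFE introducer. Each sub-block is a length
 * byte (1..255) plus that many data bytes; a zero length byte ends the comment.
 * Returns 0 with a NUL-terminated heap string in *out, or -1 on bad input. */
int gif_read_comment(const unsigned char *data, size_t n, char **out)
{
    char *text = calloc(1, 1);          /* start as "" so empty comments work */
    size_t len = 0, pos = 0;

    *out = NULL;
    while (text != NULL && pos < n) {
        size_t count = data[pos++];
        if (count == 0) {               /* block terminator: done */
            *out = text;
            return 0;
        }
        if (count > n - pos)            /* sub-block claims more than is left */
            break;
        /* The report's failure mode is the '\0' landing one byte past the
         * allocation; here the terminator gets its own byte (+ 1). */
        char *grown = realloc(text, len + count + 1);
        if (grown == NULL)
            break;
        text = grown;
        memcpy(text + len, data + pos, count);
        len += count;
        pos += count;
        text[len] = '\0';               /* index len is inside len + 1 bytes */
    }
    free(text);                         /* truncated input or out of memory */
    return -1;
}

int main(void)
{
    /* Constructed sample: sub-blocks "hello" and " hi", then the terminator. */
    const unsigned char sample[] = {5,'h','e','l','l','o', 3,' ','h','i', 0};
    char *comment;
    if (gif_read_comment(sample, sizeof sample, &comment) == 0) {
        puts(comment);
        free(comment);
    }
    return 0;
}
```

Building this with -fsanitize=address and feeding it the sub-block lengths from a suspect file is a quick way to confirm that every write stays inside the allocation.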



