* [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606
@ 2017-04-25 15:35 Peter Korsgaard
2017-04-26 7:12 ` Peter Korsgaard
2017-04-28 12:28 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-04-25 15:35 UTC (permalink / raw)
To: buildroot
This is not yet part of any release.
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...ub.com-ImageMagick-ImageMagick-issues-415.patch | 52 ++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
diff --git a/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
new file mode 100644
index 000000000..943679eda
--- /dev/null
+++ b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
@@ -0,0 +1,52 @@
+From b218117cad34d39b9ffb587b45c71c5a49b12bde Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 31 Mar 2017 15:24:33 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415
+
+Fixes CVE-2017-7606
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ coders/pnm.c | 2 +-
+ coders/rle.c | 5 +++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/coders/pnm.c b/coders/pnm.c
+index 9a1221d79..c525ebb8f 100644
+--- a/coders/pnm.c
++++ b/coders/pnm.c
+@@ -1979,7 +1979,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image,
+ pixel=ScaleQuantumToChar(GetPixelRed(image,p));
+ else
+ pixel=ScaleQuantumToAny(GetPixelRed(image,p),
+- max_value);
++ max_value);
+ }
+ q=PopCharPixel((unsigned char) pixel,q);
+ p+=GetPixelChannels(image);
+diff --git a/coders/rle.c b/coders/rle.c
+index 2318901ec..ec071dc7b 100644
+--- a/coders/rle.c
++++ b/coders/rle.c
+@@ -271,7 +271,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ p=colormap;
+ for (i=0; i < (ssize_t) number_colormaps; i++)
+ for (x=0; x < (ssize_t) map_length; x++)
+- *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image));
++ *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum(
++ ReadBlobLSBShort(image)));
+ }
+ if ((flags & 0x08) != 0)
+ {
+@@ -476,7 +477,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ for (x=0; x < (ssize_t) number_planes; x++)
+ {
+ ValidateColormapValue(image,(size_t) (x*map_length+
+- (*p & mask)),&index,exception);
++ (*p & mask)),&index,exception);
+ *p=colormap[(ssize_t) index];
+ p++;
+ }
+--
+2.11.0
+
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606
2017-04-25 15:35 [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606 Peter Korsgaard
@ 2017-04-26 7:12 ` Peter Korsgaard
2017-04-28 12:28 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-04-26 7:12 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> This is not yet part of any release.
> coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
> representable values of type unsigned char" undefined behavior issue, which
> might allow remote attackers to cause a denial of service (application
> crash) or possibly have unspecified other impact via a crafted image.
> For more details, see:
> https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606
2017-04-25 15:35 [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606 Peter Korsgaard
2017-04-26 7:12 ` Peter Korsgaard
@ 2017-04-28 12:28 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-04-28 12:28 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> This is not yet part of any release.
> coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
> representable values of type unsigned char" undefined behavior issue, which
> might allow remote attackers to cause a denial of service (application
> crash) or possibly have unspecified other impact via a crafted image.
> For more details, see:
> https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-04-28 12:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-25 15:35 [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606 Peter Korsgaard
2017-04-26 7:12 ` Peter Korsgaard
2017-04-28 12:28 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox