[Secure-testing-commits] r44723 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Sep 18 17:26:09 UTC 2016
Author: carnil
Date: 2016-09-18 17:26:09 +0000 (Sun, 18 Sep 2016)
New Revision: 44723
Modified:
data/CVE/list
Log:
Add CVE-2016-7449/graphicsmagick, add extensive note about the scope
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-18 17:23:29 UTC (rev 44722)
+++ data/CVE/list 2016-09-18 17:26:09 UTC (rev 44723)
@@ -2172,8 +2172,17 @@
RESERVED
CVE-2016-7450
RESERVED
-CVE-2016-7449
+CVE-2016-7449 [all TIFF related problems due to use of strlcpy use]
RESERVED
+ - graphicsmagick 1.3.25-1
+ NOTE: The scope of the CVE is for all of these reported TIFF problems.
+ NOTE: The ultimate vulnerability was use of:
+ NOTE: strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
+ NOTE: three times in coders/tiff.c, where strlcpy is not an appropriate
+ NOTE: function choice for this type of scenario of untrusted-data copying.
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5
+ NOTE: https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/
+ NOTE: https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/
CVE-2016-7448 [Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU]
RESERVED
- graphicsmagick 1.3.25-1
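Review bot: The bracketed description on the CVE-2016-7449 line reads "due to use of strlcpy use", with "use" doubled; "due to use of strlcpy" is enough. The NOTE lines call strlcpy inappropriate for untrusted-data copying without giving the reason: strlcpy expects a NUL-terminated source and scans it to compute its return value, whatever size argument is passed, so if the concern is that text may lack a terminator within count bytes, one more NOTE line saying so would make the entry self-explanatory. It would also help to label the three URLs (upstream commit versus the two blog reports), since they are listed without distinction.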