[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-16329

Salvatore Bonaccorso carnil at debian.org
Sun Sep 2 15:57:49 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
226e4d82 by Salvatore Bonaccorso at 2018-09-02T14:55:48Z
Update information for CVE-2018-16329

The "broken" assert is only introduced in 7.0.1. But before that there
was apparently event no check at all to image if following the code flow
correct. So a bunch of image dereferences in the swich statements in the
GetMagickProperty might lead to the problem.

Keep it for now as undetermined, but add the information on the assert
introduction.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,8 +21,11 @@ CVE-2018-16330 (Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an i
 CVE-2018-16329 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ...)
 	- imagemagick <undetermined>
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1225
-	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2c75f301d9ac84f91071393b02d8c88c8341c91c
-	TODO: check, need furhter investigation if applies to ImageMagick6 in respective code
+	NOTE: Only in the 7.x series the assert statement was changed so the statement would
+	NOTE: be true even if image is NULL, but image_info is not:
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db2a1d6aaff3a83a74b37731405424c95f0c873a
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c75f301d9ac84f91071393b02d8c88c8341c91c
+	TODO: check if though missing null checks are present as well in 6.x series
 CVE-2018-16328 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ...)
 	- imagemagick 8:6.9.10.8+dfsg-1
 	[stretch] - imagemagick <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/226e4d82c55c52ea01fba9d4944f008e7231871e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/226e4d82c55c52ea01fba9d4944f008e7231871e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180902/8d337b0e/attachment.html>

More information about the debian-security-tracker-commits mailing list