http://bugzilla.opensuse.org/show_bug.cgi?id=1037527 Bug ID: 1037527 Summary: VUL-1: CVE-2017-8765: ImageMagick: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 723728 --> http://bugzilla.opensuse.org/attachment.cgi?id=723728&action=edit CVE-2017-8765_reproducer Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8765 ===================================================== Description The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. ===================================================== Hyperlink [1] https://github.com/ImageMagick/ImageMagick/issues/466 [2] Reproducer: https://github.com/jgj212/poc/blob/master/ImageMagick-7.0.5-6-colormap-memor... [3] https://github.com/ImageMagick/ImageMagick/commit/b3299a3f2ec597172b092e9f7b... (master) [4] https://github.com/ImageMagick/ImageMagick/commit/82c0f060628c5d955e6a36b357... (ImageMagick-6) (open-)SUSE: https://software.opensuse.org/package/ImageMagick 7.0.5.4 (TW, official repo) 6.8.8.1 (42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.