| Bug ID | 1037527 |
|---|---|
| Summary | VUL-1: CVE-2017-8765: ImageMagick: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Created attachment 723728 [details] CVE-2017-8765_reproducer Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8765 ===================================================== Description The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. ===================================================== Hyperlink [1] https://github.com/ImageMagick/ImageMagick/issues/466 [2] Reproducer: https://github.com/jgj212/poc/blob/master/ImageMagick-7.0.5-6-colormap-memory-leak.ICON [3] https://github.com/ImageMagick/ImageMagick/commit/b3299a3f2ec597172b092e9f7b71d2c9e75287c7 (master) [4] https://github.com/ImageMagick/ImageMagick/commit/82c0f060628c5d955e6a36b3579cc81086132092 (ImageMagick-6) (open-)SUSE: https://software.opensuse.org/package/ImageMagick 7.0.5.4 (TW, official repo) 6.8.8.1 (42.{1,2}, official repo)