GNU bug report logs

#47418 imagemagick is vulnerable to CVE-2020-27829

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #8 received at 47418@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47418) by debbugs.gnu.org; 26 Mar 2021 19:54:07 +0000
From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 26 15:54:07 2021
Received: from localhost ([127.0.0.1]:42547 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lPsX0-00015l-Q3
	for submit@debbugs.gnu.org; Fri, 26 Mar 2021 15:54:07 -0400
Received: from mail.zaclys.net ([178.33.93.72]:48219)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@zaclys.net>) id 1lPsWz-000157-FD
 for 47418@debbugs.gnu.org; Fri, 26 Mar 2021 15:54:06 -0400
Received: from localhost.localdomain (82-64-145-38.subs.proxad.net
 [82.64.145.38]) (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12QJrxXw006639
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
 Fri, 26 Mar 2021 20:53:59 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12QJrxXw006639
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@zaclys.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1616788439;
 bh=7I1IqOuV+ST7KEqatiOO2sftqY6rRrFNu4l+mDOaS8Y=;
 h=From:To:Cc:Subject:Date:From;
 b=VAn5qBO1O9YA0tX4xj9v7mLbxQGEgaouJYUC/DmuHL7kBO0CqTr7W4RFDCL6QgbuM
 FKTsNo9IWDzZFh2o10SkjxXa/XoeY0ooiXJn0nJX0TNu96aVeceNzBa4XGn3tzZHlj
 /PVa327pEjnxA7FkGSQM86zd5Az51DwzYab/wheA=
From: Léo Le Bouter <lle-bout@zaclys.net>
To: 47418@debbugs.gnu.org
Subject: [PATCH] gnu: imagemagick: Fix CVE-2020-27829.
Date: Fri, 26 Mar 2021 20:53:42 +0100
Message-Id: <20210326195342.14152-1-lle-bout@zaclys.net>
X-Mailer: git-send-email 2.31.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47418
Cc: Léo Le Bouter <lle-bout@zaclys.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/patches/imagemagick-CVE-2020-27829.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/imagemagick.scm (imagemagick/fixed): Apply patch to existing
graft.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/imagemagick.scm                  |  3 ++-
 .../patches/imagemagick-CVE-2020-27829.patch  | 23 +++++++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/imagemagick-CVE-2020-27829.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 40956598db..fe70238345 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1220,6 +1220,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/id3lib-UTF16-writing-bug.patch			\
   %D%/packages/patches/idris-disable-test.patch			\
   %D%/packages/patches/ilmbase-fix-tests.patch			\
+  %D%/packages/patches/imagemagick-CVE-2020-27829.patch	\
   %D%/packages/patches/inetutils-hurd.patch			\
   %D%/packages/patches/inkscape-poppler-0.76.patch		\
   %D%/packages/patches/intel-xed-fix-nondeterminism.patch	\
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index a3562f2e13..1618a28596 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -143,7 +143,8 @@ text, lines, polygons, ellipses and Bézier curves.")
                                   "6.9.12-2.tar.xz"))
               (sha256
                (base32
-                "17da5zihz58qm41y61sbvw626m5xfwr2nzszlikrvxyq1j1q7asa"))))
+                "17da5zihz58qm41y61sbvw626m5xfwr2nzszlikrvxyq1j1q7asa"))
+              (patches (search-patches "imagemagick-CVE-2020-27829.patch"))))
     (arguments
      (substitute-keyword-arguments (package-arguments imagemagick)
        ((#:phases phases)
diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
new file mode 100644
index 0000000000..74debdc98e
--- /dev/null
+++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
@@ -0,0 +1,23 @@
+From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Mon, 30 Nov 2020 16:27:26 +0000
+Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by
+ Hardik Shah)
+
+---
+ coders/tiff.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index e98f927abd..1eecf17aea 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+         extent+=image->columns*sizeof(uint32);
+ #endif
+         strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
+-          sizeof(*strip_pixels));
++          2*sizeof(*strip_pixels));
+         if (strip_pixels == (unsigned char *) NULL)
+           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
+         (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels));
-- 
2.31.0

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 03:09:25 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.