Your message dated Sun, 15 Oct 2017 21:19:32 +0000
with message-id <[email protected]>
and subject line Bug#878511: fixed in graphicsmagick 1.3.26-15
has caused the Debian Bug report #878511,
regarding graphicsmagick: CVE-2017-13737
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
878511: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878511
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: graphicsmagick
Version: 1.3.26-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for graphicsmagick.
CVE-2017-13737[0]:
| There is an invalid free in the MagickFree function in magick/memory.c
| in GraphicsMagick 1.3.26 that will lead to a remote denial of service
| attack.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-13737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13737
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1484196
In [1] there was raised the question if this is actually a tiff bug,
and fixed already in 4.0.8. But I tried on an unstable system, with
graphicsmagick 1.3.26-14
libtiff5 4.0.8-5
----cut---------cut---------cut---------cut---------cut---------cut-----
$ gdb --args gm montage ./POC1 /dev/null
GNU gdb (Debian 7.12-6+b1) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from gm...Reading symbols from
/usr/lib/debug/.build-id/aa/32c79ad494cd49bec1714fd719b635a8701413.debug...done.
done.
(gdb) r
Starting program: /usr/bin/gm montage ./POC1 /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
*** Error in `/usr/bin/gm': free(): invalid next size (fast):
0x000055555576ce90 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7ffff7115bfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7ffff711bfc6]
/lib/x86_64-linux-gnu/libc.so.6(+0x7780e)[0x7ffff711c80e]
/usr/lib/libGraphicsMagick-Q16.so.3(+0x22915b)[0x7ffff7ab715b]
/usr/lib/libGraphicsMagick-Q16.so.3(ReadImage+0x1c8)[0x7ffff79475d8]
/usr/lib/libGraphicsMagick-Q16.so.3(MontageImageCommand+0xa44)[0x7ffff7933ad4]
/usr/lib/libGraphicsMagick-Q16.so.3(MagickCommand+0x194)[0x7ffff7916a94]
/usr/lib/libGraphicsMagick-Q16.so.3(+0x89ae6)[0x7ffff7917ae6]
/usr/lib/libGraphicsMagick-Q16.so.3(GMCommand+0x2e)[0x7ffff793a45e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7ffff70c52e1]
/usr/bin/gm(+0x66a)[0x55555555466a]
======= Memory map: ========
555555554000-555555555000 r-xp 00000000 fd:00 269963
/usr/bin/gm
555555754000-555555755000 r--p 00000000 fd:00 269963
/usr/bin/gm
555555755000-555555756000 rw-p 00001000 fd:00 269963
/usr/bin/gm
555555756000-555555788000 rw-p 00000000 00:00 0 [heap]
7fffe8000000-7fffe8021000 rw-p 00000000 00:00 0
7fffe8021000-7fffec000000 ---p 00000000 00:00 0
7fffefbe5000-7ffff10d3000 rw-p 00000000 00:00 0
7ffff10d3000-7ffff10e9000 r-xp 00000000 fd:00 524299
/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff10e9000-7ffff12e8000 ---p 00016000 fd:00 524299
/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff12e8000-7ffff12e9000 r--p 00015000 fd:00 524299
/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff12e9000-7ffff12ea000 rw-p 00016000 fd:00 524299
/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff12ea000-7ffff145a000 r-xp 00000000 fd:00 262666
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff145a000-7ffff165a000 ---p 00170000 fd:00 262666
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff165a000-7ffff1664000 r--p 00170000 fd:00 262666
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff1664000-7ffff1666000 rw-p 0017a000 fd:00 262666
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.24
7ffff1666000-7ffff1669000 rw-p 00000000 00:00 0
7ffff1669000-7ffff166e000 r-xp 00000000 fd:00 264024
/usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff166e000-7ffff186d000 ---p 00005000 fd:00 264024
/usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff186d000-7ffff186e000 r--p 00004000 fd:00 264024
/usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff186e000-7ffff186f000 rw-p 00005000 fd:00 264024
/usr/lib/x86_64-linux-gnu/libXdmcp.so.6.0.0
7ffff186f000-7ffff1871000 r-xp 00000000 fd:00 273208
/usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1871000-7ffff1a71000 ---p 00002000 fd:00 273208
/usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1a71000-7ffff1a72000 r--p 00002000 fd:00 273208
/usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1a72000-7ffff1a73000 rw-p 00003000 fd:00 273208
/usr/lib/x86_64-linux-gnu/libXau.so.6.0.0
7ffff1a73000-7ffff1a7a000 r-xp 00000000 fd:00 525221
/lib/x86_64-linux-gnu/librt-2.24.so
7ffff1a7a000-7ffff1c79000 ---p 00007000 fd:00 525221
/lib/x86_64-linux-gnu/librt-2.24.so
7ffff1c79000-7ffff1c7a000 r--p 00006000 fd:00 525221
/lib/x86_64-linux-gnu/librt-2.24.so
7ffff1c7a000-7ffff1c7b000 rw-p 00007000 fd:00 525221
/lib/x86_64-linux-gnu/librt-2.24.so
7ffff1c7b000-7ffff34f7000 r-xp 00000000 fd:00 271415
/usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff34f7000-7ffff36f6000 ---p 0187c000 fd:00 271415
/usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff36f6000-7ffff36f7000 r--p 0187b000 fd:00 271415
/usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff36f7000-7ffff36f8000 rw-p 0187c000 fd:00 271415
/usr/lib/x86_64-linux-gnu/libicudata.so.57.1
7ffff36f8000-7ffff388c000 r-xp 00000000 fd:00 271422
/usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff388c000-7ffff3a8b000 ---p 00194000 fd:00 271422
/usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff3a8b000-7ffff3a9d000 r--p 00193000 fd:00 271422
/usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff3a9d000-7ffff3a9e000 rw-p 001a5000 fd:00 271422
/usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
7ffff3a9e000-7ffff3aa0000 rw-p 00000000 00:00 0
7ffff3aa0000-7ffff3d0b000 r-xp 00000000 fd:00 271416
/usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3d0b000-7ffff3f0a000 ---p 0026b000 fd:00 271416
/usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3f0a000-7ffff3f17000 r--p 0026a000 fd:00 271416
/usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3f17000-7ffff3f19000 rw-p 00277000 fd:00 271416
/usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
7ffff3f19000-7ffff3f1a000 rw-p 00000000 00:00 0
7ffff3f1a000-7ffff3f41000 r-xp 00000000 fd:00 262444
/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff3f41000-7ffff4140000 ---p 00027000 fd:00 262444
/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff4140000-7ffff4141000 r--p 00026000 fd:00 262444
/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff4141000-7ffff4142000 rw-p 00027000 fd:00 262444
/usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0
7ffff4142000-7ffff4155000 r-xp 00000000 fd:00 524388
/lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4155000-7ffff4354000 ---p 00013000 fd:00 524388
/lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4354000-7ffff4355000 r--p 00012000 fd:00 524388
/lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4355000-7ffff4356000 rw-p 00013000 fd:00 524388
/lib/x86_64-linux-gnu/libbsd.so.0.8.6
7ffff4356000-7ffff4357000 rw-p 00000000 00:00 0
7ffff4357000-7ffff435b000 r-xp 00000000 fd:00 528520
/lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff435b000-7ffff455a000 ---p 00004000 fd:00 528520
/lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff455a000-7ffff455b000 r--p 00003000 fd:00 528520
/lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff455b000-7ffff455c000 rw-p 00004000 fd:00 528520
/lib/x86_64-linux-gnu/libuuid.so.1.3.0
7ffff455c000-7ffff455e000 r-xp 00000000 fd:00 524418
/lib/x86_64-linux-gnu/libdl-2.24.so
7ffff455e000-7ffff475e000 ---p 00002000 fd:00 524418
/lib/x86_64-linux-gnu/libdl-2.24.so
7ffff475e000-7ffff475f000 r--p 00002000 fd:00 524418
/lib/x86_64-linux-gnu/libdl-2.24.so
7ffff475f000-7ffff4760000 rw-p 00003000 fd:00 524418
/lib/x86_64-linux-gnu/libdl-2.24.so
7ffff4760000-7ffff4863000 r-xp 00000000 fd:00 524422
/lib/x86_64-linux-gnu/libm-2.24.so
7ffff4863000-7ffff4a62000 ---p 00103000 fd:00 524422
/lib/x86_64-linux-gnu/libm-2.24.so
7ffff4a62000-7ffff4a63000 r--p 00102000 fd:00 524422
/lib/x86_64-linux-gnu/libm-2.24.so
7ffff4a63000-7ffff4a64000 rw-p 00103000 fd:00 524422
/lib/x86_64-linux-gnu/libm-2.24.so
7ffff4a64000-7ffff4a7d000 r-xp 00000000 fd:00 524383
/lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4a7d000-7ffff4c7c000 ---p 00019000 fd:00 524383
/lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4c7c000-7ffff4c7d000 r--p 00018000 fd:00 524383
/lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4c7d000-7ffff4c7e000 rw-p 00019000 fd:00 524383
/lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff4c7e000-7ffff4e35000 r-xp 00000000 fd:00 262792
/usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff4e35000-7ffff5035000 ---p 001b7000 fd:00 262792
/usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff5035000-7ffff503d000 r--p 001b7000 fd:00 262792
/usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff503d000-7ffff503f000 rw-p 001bf000 fd:00 262792
/usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
7ffff503f000-7ffff5040000 rw-p 00000000 00:00 0
7ffff5040000-7ffff504f000 r-xp 00000000 fd:00 524598
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff504f000-7ffff524e000 ---p 0000f000 fd:00 524598
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff524e000-7ffff524f000 r--p 0000e000 fd:00 524598
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff524f000-7ffff5250000 rw-p 0000f000 fd:00 524598
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7ffff5250000-7ffff5275000 r-xp 00000000 fd:00 524413
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5275000-7ffff5474000 ---p 00025000 fd:00 524413
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5474000-7ffff5475000 r--p 00024000 fd:00 524413
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5475000-7ffff5476000 rw-p 00025000 fd:00 524413
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7ffff5476000-7ffff55b0000 r-xp 00000000 fd:00 262209
/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff55b0000-7ffff57b0000 ---p 0013a000 fd:00 262209
/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff57b0000-7ffff57b1000 r--p 0013a000 fd:00 262209
/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff57b1000-7ffff57b6000 rw-p 0013b000 fd:00 262209
/usr/lib/x86_64-linux-gnu/libX11.so.6.3.0
7ffff57b6000-7ffff57cd000 r-xp 00000000 fd:00 283799
/usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff57cd000-7ffff59cd000 ---p 00017000 fd:00 283799
/usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff59cd000-7ffff59ce000 r--p 00017000 fd:00 283799
/usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff59ce000-7ffff59cf000 rw-p 00018000 fd:00 283799
/usr/lib/x86_64-linux-gnu/libICE.so.6.3.0
7ffff59cf000-7ffff59d3000 rw-p 00000000 00:00 0
7ffff59d3000-7ffff59da000 r-xp 00000000 fd:00 283801
/usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff59da000-7ffff5bd9000 ---p 00007000 fd:00 283801
/usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff5bd9000-7ffff5bda000 r--p 00006000 fd:00 283801
/usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff5bda000-7ffff5bdb000 rw-p 00007000 fd:00 283801
/usr/lib/x86_64-linux-gnu/libSM.so.6.0.1
7ffff5bdb000-7ffff5bec000 r-xp 00000000 fd:00 262622
/usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5bec000-7ffff5deb000 ---p 00011000 fd:00 262622
/usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5deb000-7ffff5dec000 r--p 00010000 fd:00 262622
/usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5dec000-7ffff5ded000 rw-p 00011000 fd:00 262622
/usr/lib/x86_64-linux-gnu/libXext.so.6.4.0
7ffff5ded000-7ffff5e0b000 r-xp 00000000 fd:00 292288
/usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff5e0b000-7ffff600a000 ---p 0001e000 fd:00 292288
/usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff600a000-7ffff600b000 r--p 0001d000 fd:00 292288
/usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff600b000-7ffff600c000 rw-p 0001e000 fd:00 292288
/usr/lib/x86_64-linux-gnu/libwmflite-0.2.so.7.0.1
7ffff600c000-7ffff603e000 r-xp 00000000 fd:00 265762
/usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff603e000-7ffff623d000 ---p 00032000 fd:00 265762
/usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff623d000-7ffff623e000 r--p 00031000 fd:00 265762
/usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff623e000-7ffff623f000 rw-p 00032000 fd:00 265762
/usr/lib/x86_64-linux-gnu/libpng16.so.16.34.0
7ffff623f000-7ffff62a6000 r-xp 00000000 fd:00 268837
/usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff62a6000-7ffff64a6000 ---p 00067000 fd:00 268837
/usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff64a6000-7ffff64a7000 r--p 00067000 fd:00 268837
/usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff64a7000-7ffff64a8000 rw-p 00068000 fd:00 268837
/usr/lib/x86_64-linux-gnu/libjpeg.so.62.2.0
7ffff64a8000-7ffff6556000 r-xp 00000000 fd:00 280816
/usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff6556000-7ffff6755000 ---p 000ae000 fd:00 280816
/usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff6755000-7ffff675c000 r--p 000ad000 fd:00 280816
/usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff675c000-7ffff675d000 rw-p 000b4000 fd:00 280816
/usr/lib/x86_64-linux-gnu/libfreetype.so.6.14.0
7ffff675d000-7ffff67d0000 r-xp 00000000 fd:00 278111
/usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff67d0000-7ffff69cf000 ---p 00073000 fd:00 278111
/usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff69cf000-7ffff69d3000 r--p 00072000 fd:00 278111
/usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff69d3000-7ffff69d4000 rw-p 00076000 fd:00 278111
/usr/lib/x86_64-linux-gnu/libtiff.so.5.2.6
7ffff69d4000-7ffff6a2a000 r-xp 00000000 fd:00 285298
/usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6a2a000-7ffff6c29000 ---p 00056000 fd:00 285298
/usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6c29000-7ffff6c2b000 r--p 00055000 fd:00 285298
/usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6c2b000-7ffff6c2f000 rw-p 00057000 fd:00 285298
/usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.8
7ffff6c2f000-7ffff6c30000 rw-p 00000000 00:00 0
7ffff6c30000-7ffff6c94000 r-xp 00000000 fd:00 273346
/usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6c94000-7ffff6e93000 ---p 00064000 fd:00 273346
/usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6e93000-7ffff6e94000 r--p 00063000 fd:00 273346
/usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6e94000-7ffff6e95000 rw-p 00064000 fd:00 273346
/usr/lib/x86_64-linux-gnu/libwebp.so.6.0.1
7ffff6e95000-7ffff6e97000 rw-p 00000000 00:00 0
7ffff6e97000-7ffff6ea2000 r-xp 00000000 fd:00 285632
/usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff6ea2000-7ffff70a1000 ---p 0000b000 fd:00 285632
/usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff70a1000-7ffff70a2000 r--p 0000a000 fd:00 285632
/usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff70a2000-7ffff70a5000 rw-p 0000b000 fd:00 285632
/usr/lib/x86_64-linux-gnu/libjbig.so.0
7ffff70a5000-7ffff7238000 r-xp 00000000 fd:00 524379
/lib/x86_64-linux-gnu/libc-2.24.so
7ffff7238000-7ffff7438000 ---p 00193000 fd:00 524379
/lib/x86_64-linux-gnu/libc-2.24.so
7ffff7438000-7ffff743c000 r--p 00193000 fd:00 524379
/lib/x86_64-linux-gnu/libc-2.24.so
7ffff743c000-7ffff743e000 rw-p 00197000 fd:00 524379
/lib/x86_64-linux-gnu/libc-2.24.so
7ffff743e000-7ffff7442000 rw-p 00000000 00:00 0
7ffff7442000-7ffff745a000 r-xp 00000000 fd:00 525210
/lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff745a000-7ffff7659000 ---p 00018000 fd:00 525210
/lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff7659000-7ffff765a000 r--p 00017000 fd:00 525210
/lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff765a000-7ffff765b000 rw-p 00018000 fd:00 525210
/lib/x86_64-linux-gnu/libpthread-2.24.so
7ffff765b000-7ffff765f000 rw-p 00000000 00:00 0
7ffff765f000-7ffff768c000 r-xp 00000000 fd:00 262814
/usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff768c000-7ffff788c000 ---p 0002d000 fd:00 262814
/usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff788c000-7ffff788d000 r--p 0002d000 fd:00 262814
/usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff788d000-7ffff788e000 rw-p 0002e000 fd:00 262814
/usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7ffff788e000-7ffff7b45000 r-xp 00000000 fd:00 299164
/usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7b45000-7ffff7d45000 ---p 002b7000 fd:00 299164
/usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7d45000-7ffff7d9d000 r--p 002b7000 fd:00 299164
/usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7d9d000-7ffff7dc0000 rw-p 0030f000 fd:00 299164
/usr/lib/libGraphicsMagick-Q16.so.3.16.0
7ffff7dc0000-7ffff7dd9000 rw-p 00000000 00:00 0
7ffff7dd9000-7ffff7dfc000 r-xp 00000000 fd:00 524317
/lib/x86_64-linux-gnu/ld-2.24.so
7ffff7e4a000-7ffff7e9b000 r--p 00000000 fd:00 265503
/usr/lib/locale/aa_DJ.utf8/LC_CTYPE
7ffff7e9b000-7ffff7fcb000 r--p 00000000 fd:00 265502
/usr/lib/locale/aa_DJ.utf8/LC_COLLATE
7ffff7fcb000-7ffff7fdc000 rw-p 00000000 00:00 0
7ffff7fe2000-7ffff7fe3000 rw-p 00000000 00:00 0
7ffff7fe3000-7ffff7fe4000 r--p 00000000 fd:00 265740
/usr/lib/locale/aa_ET/LC_NUMERIC
7ffff7fe4000-7ffff7fe5000 r--p 00000000 fd:00 310047
/usr/lib/locale/en_US.utf8/LC_TIME
7ffff7fe5000-7ffff7fe6000 r--p 00000000 fd:00 309676
/usr/lib/locale/chr_US/LC_MONETARY
7ffff7fe6000-7ffff7fe7000 r--p 00000000 fd:00 309892
/usr/lib/locale/en_AG/LC_MESSAGES/SYS_LC_MESSAGES
7ffff7fe7000-7ffff7fe8000 r--p 00000000 fd:00 309678
/usr/lib/locale/chr_US/LC_PAPER
7ffff7fe8000-7ffff7fe9000 r--p 00000000 fd:00 309677
/usr/lib/locale/chr_US/LC_NAME
7ffff7fe9000-7ffff7fea000 r--p 00000000 fd:00 310045
/usr/lib/locale/en_US.utf8/LC_ADDRESS
7ffff7fea000-7ffff7feb000 r--p 00000000 fd:00 309679
/usr/lib/locale/chr_US/LC_TELEPHONE
7ffff7feb000-7ffff7fec000 r--p 00000000 fd:00 309674
/usr/lib/locale/chr_US/LC_MEASUREMENT
7ffff7fec000-7ffff7ff3000 r--s 00000000 fd:00 338332
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
7ffff7ff3000-7ffff7ff4000 r--p 00000000 fd:00 310046
/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
7ffff7ff4000-7ffff7ff7000 rw-p 00000000 00:00 0
7ffff7ff7000-7ffff7ffa000 r--p 00000000 00:00 0 [vvar]
7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00023000 fd:00 524317
/lib/x86_64-linux-gnu/ld-2.24.so
7ffff7ffd000-7ffff7ffe000 rw-p 00024000 fd:00 524317
/lib/x86_64-linux-gnu/ld-2.24.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff70d942a in __GI_abort () at abort.c:89
#2 0x00007ffff7115c00 in __libc_message (do_abort=do_abort@entry=2,
fmt=fmt@entry=0x7ffff720ad78 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff711bfc6 in malloc_printerr (action=3, str=0x7ffff720ae88
"free(): invalid next size (fast)", ptr=<optimized out>, ar_ptr=<optimized
out>) at malloc.c:5049
#4 0x00007ffff711c80e in _int_free (av=0x7ffff743cb00 <main_arena>,
p=0x55555576ce80, have_lock=0) at malloc.c:3905
#5 0x00007ffff7ab715b in ReadTIFFImage (image_info=<optimized out>,
exception=<optimized out>) at coders/tiff.c:2375
#6 0x00007ffff79475d8 in ReadImage
(image_info=image_info@entry=0x555555774850,
exception=exception@entry=0x7fffffffe2c0) at magick/constitute.c:1607
#7 0x00007ffff7933ad4 in MontageImageCommand (image_info=0x555555774850,
argc=<optimized out>, argv=<optimized out>, metadata=0x0,
exception=0x7fffffffe2c0) at magick/command.c:14064
#8 0x00007ffff7916a94 in MagickCommand
(image_info=image_info@entry=0x555555774850, argc=argc@entry=3,
argv=argv@entry=0x7fffffffec40, metadata=metadata@entry=0x7fffffffe2b8,
exception=exception@entry=0x7fffffffe2c0) at magick/command.c:8869
#9 0x00007ffff7917ae6 in GMCommandSingle (argc=3, argc@entry=4,
argv=0x7fffffffec40, argv@entry=0x7fffffffec38) at magick/command.c:17396
#10 0x00007ffff793a45e in GMCommand (argc=4, argv=0x7fffffffec38) at
magick/command.c:17449
#11 0x00007ffff70c52e1 in __libc_start_main (main=0x555555554630 <main>,
argc=4, argv=0x7fffffffec38, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>,
stack_end=0x7fffffffec28) at ../csu/libc-start.c:291
#12 0x000055555555466a in _start ()
(gdb)
----cut---------cut---------cut---------cut---------cut---------cut-----
I'm filling this to the Debian BTS (but actually better is at
upstream) and able to keep track of progress/finding.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.3.26-15
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated graphicsmagick
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 15 Oct 2017 20:03:26 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev
libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl
graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat
graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.26-15
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing
ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing
ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared
library
libgraphicsmagick++1-dev - format-independent image processing - C++
development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared
library
libgraphicsmagick1-dev - format-independent image processing - C development
files
Closes: 878511
Changes:
graphicsmagick (1.3.26-15) unstable; urgency=high
.
* Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).
Checksums-Sha1:
a630c0330891a53f508b0488517575c5e90b4b1e 2801 graphicsmagick_1.3.26-15.dsc
91c07073575e08d4ea2257d35dbef15f6c3219d7 161252
graphicsmagick_1.3.26-15.debian.tar.xz
2641039a2201734b44b0698af81f7263bc72a24a 3176612
graphicsmagick-dbg_1.3.26-15_amd64.deb
fda9be0cdf273bf729dd270951f6789976639554 25608
graphicsmagick-imagemagick-compat_1.3.26-15_all.deb
f263a23fc563378cbb6a0c503b69fe11c32b75a3 29004
graphicsmagick-libmagick-dev-compat_1.3.26-15_all.deb
0aaeb0b2f8d16511f224f47408bab3dd2e048959 11593
graphicsmagick_1.3.26-15_amd64.buildinfo
f70d26dac796b5fa880e37a8be9931044258f274 867500
graphicsmagick_1.3.26-15_amd64.deb
d6f29e786baff2a2fdabdc66bc8743ca51aaf400 72252
libgraphics-magick-perl_1.3.26-15_amd64.deb
72e8566a6f803564269fa5d864e52069798c2450 119838
libgraphicsmagick++-q16-12_1.3.26-15_amd64.deb
17b974cdf1701a6b31bef014bb19369c420ea0bc 304734
libgraphicsmagick++1-dev_1.3.26-15_amd64.deb
5cc4c24c1cc1c684e7607320f99c9af58c269d04 1115806
libgraphicsmagick-q16-3_1.3.26-15_amd64.deb
b5381b587fb73209b6efe689cc9b2d5865f366c8 1338030
libgraphicsmagick1-dev_1.3.26-15_amd64.deb
Checksums-Sha256:
4341114fbb18cc0db5e48ed2caa38a95f411dbbc40f7c2ba7f732f4fa8ebc401 2801
graphicsmagick_1.3.26-15.dsc
ed20b7beea399e389e40d8850670e8c37b7d301e4b0e08dc32d5869502cb3aab 161252
graphicsmagick_1.3.26-15.debian.tar.xz
e0028a956df732ffcd5b62a3f4f3d71160a6e78f2c5ef475606e4f4a9058ce68 3176612
graphicsmagick-dbg_1.3.26-15_amd64.deb
567225e992ee43c84f49189a3794bcd9147cf30f11c3a9bb37cee65d6c6bbabb 25608
graphicsmagick-imagemagick-compat_1.3.26-15_all.deb
7a64c4325e930af1ca121f5699297afff5bbacaea8aebf473f917f799096caa2 29004
graphicsmagick-libmagick-dev-compat_1.3.26-15_all.deb
666778ae588397817d4aa8d139b346f04d8735bd5ffab685191dd96d6c30fbe8 11593
graphicsmagick_1.3.26-15_amd64.buildinfo
21ca3727b02dbf1c9b363e6af08d5eb0cd1ac556fb5f54112194efacde093ca0 867500
graphicsmagick_1.3.26-15_amd64.deb
63b04e0bdc32643ace2ed98345a3359bd7843f34e09085c01c4110087733933c 72252
libgraphics-magick-perl_1.3.26-15_amd64.deb
bb1e8e767f4b859842d72554569a5220e46640921a4a7881f07e59fe0edc4274 119838
libgraphicsmagick++-q16-12_1.3.26-15_amd64.deb
73f407ebad40f4b5e15810acc9bd6fda3d0d0efc2219a3223c9683ebd69d338f 304734
libgraphicsmagick++1-dev_1.3.26-15_amd64.deb
a59641cc62fc8172ae93b63de494c7e04d829fcba92abd779c28d5698e178caa 1115806
libgraphicsmagick-q16-3_1.3.26-15_amd64.deb
72088d295fe94934ce4abf9cd3f9a1feb3a3eac3816dd2ab59af2d78bd13892c 1338030
libgraphicsmagick1-dev_1.3.26-15_amd64.deb
Files:
23f80ff936dfc8aaa076ba9915e65e08 2801 graphics optional
graphicsmagick_1.3.26-15.dsc
453aed2643b779e52c71727b0a123232 161252 graphics optional
graphicsmagick_1.3.26-15.debian.tar.xz
b9d7fd1f55f98fcfe6e93da33e7403ad 3176612 debug optional
graphicsmagick-dbg_1.3.26-15_amd64.deb
a60c8dc2374721bae5e8b564cd9d2d2b 25608 graphics optional
graphicsmagick-imagemagick-compat_1.3.26-15_all.deb
0c64fe943cfda9ff9987f725994d19a1 29004 graphics optional
graphicsmagick-libmagick-dev-compat_1.3.26-15_all.deb
41807020dccb2dc3445ba3f7158c2b1f 11593 graphics optional
graphicsmagick_1.3.26-15_amd64.buildinfo
ebc3b09c575ac809acf4908437ec544c 867500 graphics optional
graphicsmagick_1.3.26-15_amd64.deb
057b021b76a7e49d561ab5581e35cf13 72252 perl optional
libgraphics-magick-perl_1.3.26-15_amd64.deb
f5ff7ea54df7b854a343c4c8a71a4b2a 119838 libs optional
libgraphicsmagick++-q16-12_1.3.26-15_amd64.deb
18c2acd1439cab270c7c702d2d3ea182 304734 libdevel optional
libgraphicsmagick++1-dev_1.3.26-15_amd64.deb
4ba6821ceb7a2a35ea435efa4645c6fb 1115806 libs optional
libgraphicsmagick-q16-3_1.3.26-15_amd64.deb
00c7507fc97521892210483f6e0d1c3e 1338030 libdevel optional
libgraphicsmagick1-dev_1.3.26-15_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlnjyEMACgkQ3OMQ54ZM
yL/WUxAAqe+Tz5zK4lN7eAmQp29/4WAlEGIs16Wp8tvHvhEujJvLcc1jWnOvVK9a
s1X7RLs47vawGghqKLOjE3ynD1AaeTxAloAdL8hkRk4gM7FLnEIAK1DRKa0jPIon
X26LDSBCJH49OXOovmO51fXzOdbDnij5zSnKe/HJdmbsiN2Oe0HwTEKqEGvRkG4U
4JOUFyXUdYcCxtpkz3U5xsAuiwg8aT45440eq5uCI6omwPnRPC7EExGloLJ6A5gq
3Uip4EweF6b/dPq6HcOrqbpPnbjfvVsuVAksoKejOIkDPHNe1AEd5GCmkwIfow7U
lMgSWd0uXu6+bnDenZgEDScR/VTzJhF3lbSDySGODHhSg8jPDq9M7VCp4YSQSoOK
YcAUEP2se6OPIdZW3p4SZz2xltVctiyn3ltRBJNmidX+6hh7xFqBFD0BkAnW4f9l
Kzov4oZr21xpaQ9eCP52mKEhraThFvpUSAEtnd6l1UCTvOOkWjaGbFMXfrqFxLi+
2gJ0kq4OlYcWufA/KieWkOZ0gO9tYwagQTpnxYECf34PlwNB+8VmVcVsz3/oyVTh
PZSXC2tu3hVvFq+rO37RIHlylOnXJYqLZScc5YxeGsJD/YEq8C/qNNDn83vUOR0u
HU+UtlUSPa8BiYZurkV7jFR77UOiGScrbleeMHmcwnguLfgqcAc=
=2WTN
-----END PGP SIGNATURE-----
--- End Message ---
