Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Daniel Kobras
tag 291033 - woody
tag 291033 + patch
tag 291033 - fixed
merge 291033 291118
tag 291033 + sarge
thanks

On Tue, Jan 18, 2005 at 04:24:28PM -0500, Joey Hess wrote:
> Our imagemagick package has a buffer overflow security hole, as
> described here:
> 
> http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities

This is a duplicate of #291033. Sid has already been fixed earlier
today, and a woody update is being prepared. But okay, let's keep the
bugs open until the fix has migrated to sarge. I've tweaked the tags
accordingly.

Regards,

Daniel.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Processed: Re: Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tag 291033 - woody
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: fixed security woody
Tags removed: woody

> tag 291033 + patch
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: fixed security
Tags added: patch

> tag 291033 - fixed
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: patch fixed security
Tags removed: fixed

> merge 291033 291118
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Merged 291033 291118.

> tag 291033 + sarge
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: security patch
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Tags added: sarge

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Joey Hess
Package: imagemagick
Version: 6:6.0.6.2-1.6
Severity: grave
Tags: security patch

Our imagemagick package has a buffer overflow security hole, as
described here:

http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities

I've attached a patch sideported from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages imagemagick depends on:
ii  libmagick6 6:6.0.6.2-1.6 Image manipulation library

-- no debconf information

-- 
see shy jo
--- imagemagick-6.0.2.5.orig/coders/psd.c
+++ imagemagick-6.0.2.5/coders/psd.c
@@ -672,6 +672,8 @@
   }
   (void) ReadBlob(image,6,psd_info.reserved);
   psd_info.channels=ReadBlobMSBShort(image);
+  if (psd_info.channels > 24)
+ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
   psd_info.rows=ReadBlobMSBLong(image);
   psd_info.columns=ReadBlobMSBLong(image);
   psd_info.depth=ReadBlobMSBShort(image);
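Review bot: The bound in the added `if (psd_info.channels > 24)` check is a bare literal, and nothing in the hunk shows which buffer size it guards, so the two can drift apart if that size ever changes. Define a named constant next to the declaration of the structure being protected (the name `MaxPSDChannels` is only a suggestion) and use it there and here; the same literal is repeated in the second hunk, so both checks should share it. A one-line comment saying which overflow the check prevents would also help later readers.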
@@ -853,6 +855,8 @@
 
layer_info[i].page.height=(ReadBlobMSBLong(image)-layer_info[i].page.y);
 
layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x);
 layer_info[i].channels=ReadBlobMSBShort(image);
+if (layer_info[i].channels > 24)
+  
ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
   if (image->debug != MagickFalse)
 (void) LogMagickEvent(CoderEvent,GetMagickModule(),"
offset(%ld,%ld), size(%ld,%ld), channels=%d",
   layer_info[i].page.x, layer_info[i].page.y,
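Review bot: The new `ThrowReaderException` after `layer_info[i].channels=ReadBlobMSBShort(image);` bails out while `layer_info` is still live and index `i` may already be past earlier entries, so please confirm this error path releases `layer_info` before returning, and free it ahead of the throw if the macro does not. Also confirm that `channels` is an unsigned field: the debug line just below prints it with `%d`, and if it were a signed short, a value above 0x7fff read by `ReadBlobMSBShort` would be negative and pass the `> 24` test.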

