oss-sec mailing list archives
Re: Stack overflow in imagemagick coders/tiff.c
From: Bastien Roucariès <rouca () debian org>
Date: Mon, 29 May 2023 17:15:31 +0000
On Monday, 29 May 2023, 08:11:18 UTC, Bastien Roucariès wrote:
Hi, following this bug I will also ask for a few other CVEs for the imagemagick tiff coder (BTW cc me, I am not subscribed).
> Hi,
CVE#0
> Reading changelog and code of imagemagick, I want to report a stack overflow with crafted tiff file in imagemagick
> Fixed (after 6.9.12-26) by: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023
> Original reporter was Muhammad Aldo Firmansyah
> Thanks
> Bastien (rouca)
CVE#1
commit 7dbefda1c14e32d7bc4d3762a3a54f3ddaa85dd1
Author: Dirk Lemstra <dirk () lemstra org>
Date:   Sat Feb 19 07:46:46 2022 +0100
    Raise exception when image could not be read but no exception was raised.
    
    Bail out in case of corrupted image
    
    https://github.com/ImageMagick/ImageMagick6/commit/3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b
    (cherry picked from commit 3e15c68efcb1e6383c93e7dfe38ba6c37e614d1b)
CVE#2
commit 08f1e56a006d939dc85ddfab29e85579a65f4943
Author: Cristy <urban-warrior () imagemagick org>
Date:   Fri Feb 11 10:46:49 2022 -0500
    Fix uninitialised value
    
    bug: https://github.com/ImageMagick/ImageMagick/issues/4830
    origin:  https://github.com/ImageMagick/ImageMagick6/commit/409d42205927c98cbb852ca96e109716f38f04ab
CVE#3
commit fb2beb87936fc0155431f655a937e869a86edf16
Author: Cristy <urban-warrior () imagemagick org>
Date:   Thu Mar 17 15:02:49 2022 -0400
    Fix buffer overrun in TIFF coder
    
    bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42549
    origin: https://github.com/ImageMagick/ImageMagick6/commit/de6ada9a068b01494bfb848024ed46942da9d238
commit 4e1a165888a6aa7230dbdd7c87f59aadd5dbedec
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Fri Dec 17 14:05:04 2021 -0500
    Fix buffer overrun in TIFF coder
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/add9cb14e14eef02806715d97abcf5d04a3e55dd
commit 1b899a81bfdfec4cbe1ec7458825c50f00144fdb
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Sun Mar 14 07:44:52 2021 -0400
    Fix buffer overrun in TIFF coder
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/2204eb57ae00b005b39165a47b8984eac01600a5
CVE#4
commit 01669597f665868cf1e4ccf27ab6fcd52aadaa43
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Sat Nov 6 09:01:26 2021 -0400
    early exit on exception
    
    In case of malformed tiff image bail early
    
    origin: https://github.com/ImageMagick/ImageMagick6/commit/b272acab91444f2115099fe51ee6c91bb4db5d50
    (cherry picked from commit b272acab91444f2115099fe51ee6c91bb4db5d50)
CVE#5
commit 506cdfbc6d246301be4b12ccdfc6d493c643deca
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Sat Sep 4 07:45:17 2021 -0400
    initialize buffer before calling TIFFGetField()
    
    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae
commit f4ac98518241b8074735314f27b7eb47ee823e57
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Fri Sep 3 19:45:32 2021 -0400
    Fix a non-initialized value passed to TIFFGetField()
    
    bug-oss-fuzz: https://oss-fuzz.com/testcase-detail/6502669439598592
    bug: https://github.com/ImageMagick/ImageMagick6/issues/246
    origin: https://github.com/ImageMagick/ImageMagick6/commit/995de330310dd35531165d9471fe4d31e0fa79ae
CVE#6
commit 0c1a7d649cfc31ec53f0f5c20c0e793df2512ac5
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Mon Jul 26 13:38:45 2021 -0400
    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245
    origin: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea
commit b0c59a56625aaa3a9c13bfe4f88e287c38e062c9
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Mon Jul 26 13:26:21 2021 -0400
    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    origin:  https://github.com/ImageMagick/ImageMagick6/commit/35b88c9166bc1b3ce8893f52217bae00d8e2c532
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245
commit b7882f2795db4e4e8f578cbe712dc4b81a47113f
Author: Cristy <mikayla-grace () urban-warrior org>
Date:   Mon Jul 26 13:08:57 2021 -0400
    heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell)
    
    origin:  https://github.com/ImageMagick/ImageMagick6/commit/e1fbcdf3aad96d51db65c1601117396eac665a6d
    bug: https://github.com/ImageMagick/ImageMagick6/issues/245