[Secure-testing-team] Bug#879999: graphicsmagick: CVE-2017-15930: Null pointer dereference while transferring JPEG scanlines
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 28 07:52:34 UTC 2017
Source: graphicsmagick
Version: 1.3.26-15
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/518/
Hi,
the following vulnerability was published for graphicsmagick.
CVE-2017-15930[0]:
| In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null
| Pointer Dereference occurs while transferring JPEG scanlines, related
| to a PixelPacket pointer.
While testing I was as well not able to reach the NULL pointer
dereference but made the same observation as Bob Friesenhahn, that
graphicsmagick spends a lot of time convertingthe image crating a huge
temporary file, in my case reaching no space left on /tmp and
aborting with
/usr/bin/gm convert: Unable to sync cache (check temporary file disk space) (null_pointer_ReadOneJNGImage) [No space left on device].
but looking at the code the issue look spresent to be at least in
1.3.26-15. Possibly earlier, please adjust the affected versions as
needed in the BTS.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15930
[1] https://sourceforge.net/p/graphicsmagick/bugs/518/
Regards,
Salvatore
More information about the Secure-testing-team
mailing list