https://bugzilla.redhat.com/show_bug.cgi?id=2116537
Bug ID: 2116537
Summary: ImageMagick: Assertion Failure could lead to DoS due to attempted writing of NULL image list
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: tcullum@redhat.com
CC: blaise@gmail.com, dcavalca@fb.com, epel-packagers-sig@lists.fedoraproject.org, fedora@famillecollet.com, jhorak@redhat.com, luya_tfz@thefinalzone.net, michel@michel-slm.name, ngompa13@gmail.com, pampelmuse@gmx.at, sergio@serjux.com, troy@troycurtisjr.com
Target Milestone: ---
Classification: Other
In ImageMagick 7.1.0-29, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
References: https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9...
Todd Cullum tcullum@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2116536
Todd Cullum tcullum@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Alias|                            |CVE-2022-2719
            Summary|ImageMagick: Assertion      |CVE-2022-2719 ImageMagick:
                   |Failure could lead to DoS   |Assertion Failure could
                   |due to attempted writing of |lead to DoS due to
                   |NULL image list             |attempted writing of NULL
                   |                            |image list

--- Comment #1 from Todd Cullum tcullum@redhat.com ---
Similar but not exactly the same as CVE-2015-8898.
Todd Cullum tcullum@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |2116541, 2116540
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2116540
[Bug 2116540] CVE-2022-2719 ImageMagick: Assertion Failure could lead to DoS due to attempted writing of NULL image list [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2116541
[Bug 2116541] CVE-2022-2719 ImageMagick: Assertion Failure could lead to DoS due to attempted writing of NULL image list [epel-all]
--- Comment #2 from Todd Cullum tcullum@redhat.com ---
Created ImageMagick tracking bugs for this issue:

Affects: epel-all [bug 2116541]
Affects: fedora-all [bug 2116540]
--- Comment #3 from Product Security DevOps Team prodsec-dev@redhat.com ---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-2719
Product Security DevOps Team prodsec-dev@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |WONTFIX
        Last Closed|                            |2022-08-31 23:32:54
Bug 2116537 depends on bug 2116540, which changed state.
Bug 2116540 Summary: CVE-2022-2719 ImageMagick: Assertion Failure could lead to DoS due to attempted writing of NULL image list [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2116540

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|MODIFIED                    |CLOSED
         Resolution|---                         |ERRATA