
Closed
Created Jul 01, 2020 by Emily@emily🤖

user/imagemagick: TIFF BlobToStringInfo heap-based buffer overread

Bugzilla ID 319
Alias(es) CVE-2020-13902
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2020-07-01 14:08:03 -0500
Modified 2020-10-30 22:47:39 -0500
Status IN_PROGRESS
Version 1.0-RC1
Hardware Adélie Linux / All
Importance --- / normal
Package(s) user/imagemagick
URL https://github.com/ImageMagick/ImageMagick/discussions/2132#discussioncomment-25872

Description

CVE-2020-13902: https://nvd.nist.gov/vuln/detail/CVE-2020-13902

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-
read in BlobToStringInfo in MagickCore/string.c during TIFF image
decoding.

https://github.com/ImageMagick/ImageMagick/discussions/2132#discussioncomment-25872

This is not actually present yet because our libtiff hasn't changed
TIFFTAG_RICHTIFFIPTC from TIFF_LONG/TIFF_SETGET_C32_UINT32 to
TIFF_UNDEFINED/TIFF_SETGET_C32_UINT8 yet. That change was introduced in
this commit:

https://gitlab.com/libtiff/libtiff/-/commit/1fc1faa5a91df37b9f70b71a448777f61af20b96

Once that change makes it into a released version and we upgrade to it,
imagemagick will become vulnerable to this issue. The fix below hasn't
been backported to the 7.0.8 branch, but has been released in the 7.0.10
branch.

https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0
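
Why the libtiff type change matters, as an added example that is not code from ImageMagick, libtiff or this report: moving the tag from a 32-bit-word type to a byte type changes the unit of the count a caller gets back, so a caller that still scales the count by four asks for more bytes than the buffer holds. The scaling by four is an assumption about the caller (the page does not show that code), every name below is hypothetical, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two typings named in the report
 * (TIFF_LONG vs TIFF_UNDEFINED); this is not libtiff's own enum. */
typedef enum { FIELD_LONG, FIELD_UNDEFINED } field_type;

/* Constructed model of a tag lookup result: pointer, element count,
 * the element type the count is measured in, and the real buffer size. */
typedef struct {
    const uint8_t *data;
    uint32_t count;       /* elements, not necessarily bytes */
    field_type type;
    size_t alloc_bytes;
} tag_value;

/* Assumed caller behaviour: treat count as 32-bit words regardless of type. */
size_t profile_len_assume_long(const tag_value *v)
{
    return 4u * (size_t)v->count;
}

/* Hardened form: derive the byte length from the declared element type. */
size_t profile_len_by_type(const tag_value *v)
{
    return v->type == FIELD_LONG ? 4u * (size_t)v->count : (size_t)v->count;
}

/* Bytes that copying `len` bytes would read past the end of the buffer. */
size_t overread_bytes(const tag_value *v, size_t len)
{
    return len > v->alloc_bytes ? len - v->alloc_bytes : 0;
}

/* Constructed sample: the same 16-byte payload reported under each typing. */
static const uint8_t sample[16] = {0};
const tag_value as_long      = { sample, 4,  FIELD_LONG,      sizeof sample };
const tag_value as_undefined = { sample, 16, FIELD_UNDEFINED, sizeof sample };

int main(void)
{
    printf("old typing, x4 scaling:  overread %zu bytes\n",
           overread_bytes(&as_long, profile_len_assume_long(&as_long)));
    printf("new typing, x4 scaling:  overread %zu bytes\n",
           overread_bytes(&as_undefined, profile_len_assume_long(&as_undefined)));
    printf("new typing, type-aware:  overread %zu bytes\n",
           overread_bytes(&as_undefined, profile_len_by_type(&as_undefined)));
    return 0;
}
```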
