Bug 32076

Stig looks after this, so over to you.

Assignee: bugsquad => smelror

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. (CVE-2021-3610)

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. (CVE-2023-3195)

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. (CVE-2023-3428)

This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

References:
https://ubuntu.com/security/notices/USN-6200-1
========================

Updated packages in core/updates_testing:
========================
imagemagick-7.1.1.29-1.mga9
imagemagick-desktop-7.1.1.29-1.mga9
imagemagick-doc-7.1.1.29-1.mga9
lib(64)magick++-7Q16HDRI_5-7.1.1.29-1.mga9
lib(64)magick-7Q16HDRI_10-7.1.1.29-1.mga9
lib(64)magick-devel-7.1.1.29-1.mga9
perl-Image-Magick-7.1.1.29-1.mga9

from SRPM:
imagemagick-7.1.1.29-1.mga9.src.rpm

Updated packages in tainted/updates_testing:
========================
imagemagick-7.1.1.29-1.mga9.tainted
imagemagick-desktop-7.1.1.29-1.mga9.tainted
imagemagick-doc-7.1.1.29-1.mga9.tainted
lib(64)magick++-7Q16HDRI_5-7.1.1.29-1.mga9.tainted
lib(64)magick-7Q16HDRI_10-7.1.1.29-1.mga9.tainted
lib(64)magick-devel-7.1.1.29-1.mga9.tainted
perl-Image-Magick-7.1.1.29-1.mga9.tainted

from SRPM:
imagemagick-7.1.1.29-1.mga9.tainted.src.rpm

Assignee: smelror => qa-bugs
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 7.1.1-12 => (none)
Source RPM: imagemagick-7.1.1.11-2.mga9.src.rpm => imagemagick-7.1.1.11-2.1.mga9.src.rpm
Version: Cauldron => 9
Status: NEW => ASSIGNED
CVE: (none) => CVE-2021-3610, CVE-2023-3195, CVE-2023-3428, CVE-2023-34151

MGA9-64 Plasma Wayland on HP-Pavillion
First installed core versions and followed some examples from bug 31817;
$ convert  voss1001.jpeg test1.png

$ convert voss1001.jpeg -background grey44 -vignette 0x5  test2.gif
$ mogrify -rotate 270   voss1002.jpeg 
$ mogrify -rotate 90   voss1002.jpeg 
[tester9@mach4 testfiles]$ conv
convbkmk        convbkmk.rb     convert         convertgls2bib  convertquota    convertsession
$ convert voss1002.jpeg voss2.tiff
$ identify voss2.tiff
voss2.tiff TIFF 3248x2136 3248x2136+0+0 8-bit sRGB 19.8495MiB 0.000u 0:00.000
$ convert -resize 120%x80%  voss2.tiff voss2.jpg
$ identify voss2.jpg 
voss2.jpg JPEG 3898x1709 3898x1709+0+0 8-bit sRGB 991489B 0.000u 0:00.000
All generated files display correctly.
Continuing later fro tainted versions

CC: (none) => herman.viaene

Installed tainted versions, deleted the generated images from first test and repeated the same commands with the same corect results. Fair enough

Whiteboard: (none) => MGA9-64-OK

Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0064.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED