Bug #1589580 “Security improvements to TEXT coder broke it” : Bugs : imagemagick package : Ubuntu

Bug Description

In ubuntu 16.04 (xenial):

$ convert test.txt test.pdf
convert: improper image header `test.txt' @ error/txt.c/ReadTXTImage/433.
convert: no images defined `test.pdf' @ error/convert.c/ConvertImageCommand/3210.

$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04

$ apt-cache policy imagemagick
imagemagick:
  Installed: 8:6.8.9.9-7ubuntu5.1
  Candidate: 8:6.8.9.9-7ubuntu5.1
  Version table:
*** 8:6.8.9.9-7ubuntu5.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     8:6.8.9.9-7ubuntu5 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Tags: Edit Tag help

Launchpad Janitor (janitor) wrote on 2016-06-13:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in imagemagick (Ubuntu):
status:	New → Confirmed

dsitze (dsitze) wrote on 2016-07-28:

See http://www.imagemagick.org/discourse-server/viewtopic.php?t=29754

Initial symptom is consistent w/ policy change. Comment out the line for text coder in /etc/ImageMagic-6.

The command now requires (per security update) text to be explicit:

convert text:test.txt test.pdf

However, now you'll get:
convert: ../../coders/txt.c:197: ReadTEXTImage: Assertion `exception != (ExceptionInfo *) NULL' failed.
Aborted (core dumped)

As indicated in the linked discussion, this has been fixed in later versions.

Mathew Hodson (mathew-hodson) wrote on 2017-02-19:

Fixed upstream with https://github.com/ImageMagick/ImageMagick/commit/6aa437636a348414dfba103f873684f76f9f9934

tags:	added: patch-accepted-upstream regression-update xenial
Changed in imagemagick (Ubuntu):
importance:	Undecided → High
summary:	- Text files cannot be converted to pdf + Security improvements to TEXT coder broke it
tags:	removed: patch-accepted-upstream

Brian Murray (brian-murray) on 2017-02-21

Changed in imagemagick (Ubuntu):
assignee:	nobody → Ubuntu Security Team (ubuntu-security)

Marc Deslauriers (mdeslaur) on 2017-02-22

Changed in imagemagick (Ubuntu Precise):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Trusty):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Xenial):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Yakkety):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Precise):
status:	New → Confirmed
Changed in imagemagick (Ubuntu Trusty):
status:	New → Confirmed
Changed in imagemagick (Ubuntu Xenial):
status:	New → Confirmed
Changed in imagemagick (Ubuntu Yakkety):
status:	New → Confirmed
Changed in imagemagick (Ubuntu Precise):
importance:	Undecided → High
Changed in imagemagick (Ubuntu Trusty):
importance:	Undecided → High
Changed in imagemagick (Ubuntu Xenial):
importance:	Undecided → High
Changed in imagemagick (Ubuntu Yakkety):
importance:	Undecided → High

Launchpad Janitor (janitor) wrote on 2017-02-22:

This bug was fixed in the package imagemagick - 8:6.8.9.9-7ubuntu8.3

---------------
imagemagick (8:6.8.9.9-7ubuntu8.3) yakkety-security; urgency=medium

  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 11:10:55 -0500

Changed in imagemagick (Ubuntu Yakkety):
status:	Confirmed → Fix Released

Launchpad Janitor (janitor) wrote on 2017-02-22:

This bug was fixed in the package imagemagick - 8:6.8.9.9-7ubuntu5.4

---------------
imagemagick (8:6.8.9.9-7ubuntu5.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 11:41:06 -0500

Changed in imagemagick (Ubuntu Xenial):
status:	Confirmed → Fix Released

Launchpad Janitor (janitor) wrote on 2017-02-22:

This bug was fixed in the package imagemagick - 8:6.7.7.10-6ubuntu3.4

---------------
imagemagick (8:6.7.7.10-6ubuntu3.4) trusty-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:04:25 -0500

Changed in imagemagick (Ubuntu Trusty):
status:	Confirmed → Fix Released

Launchpad Janitor (janitor) wrote on 2017-02-22:

This bug was fixed in the package imagemagick - 8:6.6.9.7-5ubuntu3.7

---------------
imagemagick (8:6.6.9.7-5ubuntu3.7) precise-security; urgency=medium

-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:08:13 -0500

Changed in imagemagick (Ubuntu Precise):
status:	Confirmed → Fix Released

Marc Deslauriers (mdeslaur) on 2017-02-22

Changed in imagemagick (Ubuntu):
status:	Confirmed → Fix Committed

Ubuntu
imagemagick package

Security improvements to TEXT coder broke it

Bug Description

Other bug subscribers

Ubuntuimagemagick package

Security improvements to TEXT coder broke it

Bug Description

Other bug subscribers

Ubuntu
imagemagick package