security update regression in 'convert' tool when creating an image containing a text label

Bug #1646485 reported by Mikkel Krautz on 2016-12-01
50
This bug affects 6 people
Affects Status Importance Assigned to Milestone
imagemagick (Ubuntu)
High
Ubuntu Security Team
Precise
High
Marc Deslauriers
Trusty
High
Marc Deslauriers

Bug Description

Running the following command doesn't work anymore:

   convert -background transparent -fill black -pointsize 32 label:test out.png

when libmagickcore4-8:6.6.9.7-5ubuntu3.6 is installed.

It fails with the following error:

convert: missing an image filename `out.png' @ error/convert.c/ConvertImageCommand/3011.

and exits with status 1.

It works fine when I downgrade libmagickcore4 to 8:6.6.9.7-5ubuntu3.5.
The image is created, and the exit status is 0.

It seems like the security patches in 8:6.6.9.7-5ubuntu3.6 broke this behavior.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libmagickcore4 8:6.6.9.7-5ubuntu3.6
ProcVersionSignature: Ubuntu 3.13.0-39.66~precise1-generic 3.13.11.8
Uname: Linux 3.13.0-39-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.13
Architecture: amd64
Date: Thu Dec 1 05:02:54 2016
InstallationMedia: Ubuntu 12.04.5 LTS "Precise Pangolin" - Release amd64 (20140807.1)
MarkForUpload: True
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: imagemagick
UpgradeStatus: No upgrade log present (probably fresh install)

Mikkel Krautz (mkrautz) wrote :
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in imagemagick (Ubuntu):
status: New → Confirmed
tags: added: regression-proposed
tags: added: regression-update
removed: regression-proposed
Changed in imagemagick (Ubuntu):
importance: Undecided → High
tags: added: trusty
Changed in imagemagick (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
tyrun demeg (tyrun.demeg) wrote :

Confirming I'm seeing this same bug.

$> convert -background transparent -fill black -pointsize 32 label:test out.png

convert.im6: no images defined `out.png' @ error/convert.c/ConvertImageCommand/3044.

$> convert -version

Version: ImageMagick 6.7.7-10 2016-11-29 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2012 ImageMagick Studio LLC
Features: OpenMP

Ubuntu 14.04

$> lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty

Marc Deslauriers (mdeslaur) wrote :

This is caused by a bad patch backport to trusty and precise. I'll be releasing a fix for this issue today or tomorrow.

Changed in imagemagick (Ubuntu Precise):
status: New → Confirmed
Changed in imagemagick (Ubuntu Trusty):
status: New → Confirmed
Changed in imagemagick (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Precise):
importance: Undecided → High
Changed in imagemagick (Ubuntu Trusty):
importance: Undecided → High
Changed in imagemagick (Ubuntu):
status: Confirmed → Invalid
tyrun demeg (tyrun.demeg) wrote :

Marc, that would be amazing; I'm on deadline by the end of the month to wrap up a migration of some legacy code and Imagemagick is one of those requirements (the others being older versions of PHP/Apache), thus why I'm on Ubuntu 14.04.

The current workaround I have is to set up a small Ubuntu 16.04 box that has a version of ImageMagick that works and utilize NFS to get it back to the main box; it's hacky, but it's the only thing I could come up without having to try to get everything else working on 16.04.

If you could get this patch released today I may not have to go that route, either way it's much appreciated, thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.7.7.10-6ubuntu3.4

---------------
imagemagick (8:6.7.7.10-6ubuntu3.4) trusty-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:04:25 -0500

Changed in imagemagick (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.6.9.7-5ubuntu3.7

---------------
imagemagick (8:6.6.9.7-5ubuntu3.7) precise-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:08:13 -0500

Changed in imagemagick (Ubuntu Precise):
status: Confirmed → Fix Released
tyrun demeg (tyrun.demeg) wrote :

That fixed the issue, thanks Marc!!

MrJOHN (johntin1988) on 2017-02-23
Changed in imagemagick (Ubuntu):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers