Ubuntu
imagemagick package

Security improvements to TEXT coder broke it

Bug #1589580 reported by Dashamir Hoxha
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
imagemagick (Ubuntu)
Fix Released
High
Ubuntu Security Team
Precise
Fix Released
High
Marc Deslauriers
Trusty
Fix Released
High
Marc Deslauriers
Xenial
Fix Released
High
Marc Deslauriers
Yakkety
Fix Released
High
Marc Deslauriers

Bug Description

In ubuntu 16.04 (xenial):

$ convert test.txt test.pdf
convert: improper image header `test.txt' @ error/txt.c/ReadTXTImage/433.
convert: no images defined `test.pdf' @ error/convert.c/ConvertImageCommand/3210.

$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04

$ apt-cache policy imagemagick
imagemagick:
  Installed: 8:6.8.9.9-7ubuntu5.1
  Candidate: 8:6.8.9.9-7ubuntu5.1
  Version table:
 *** 8:6.8.9.9-7ubuntu5.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     8:6.8.9.9-7ubuntu5 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in imagemagick (Ubuntu):
status: New → Confirmed
Revision history for this message
dsitze (dsitze) wrote :

See http://www.imagemagick.org/discourse-server/viewtopic.php?t=29754

Initial symptom is consistent w/ policy change. Comment out the line for text coder in /etc/ImageMagic-6.

The command now requires (per security update) text to be explicit:

convert text:test.txt test.pdf

However, now you'll get:
convert: ../../coders/txt.c:197: ReadTEXTImage: Assertion `exception != (ExceptionInfo *) NULL' failed.
Aborted (core dumped)

As indicated in the linked discussion, this has been fixed in later versions.

Revision history for this message
Mathew Hodson (mhodson) wrote :

Fixed upstream with https://github.com/ImageMagick/ImageMagick/commit/6aa437636a348414dfba103f873684f76f9f9934

tags: added: patch-accepted-upstream regression-update xenial
Changed in imagemagick (Ubuntu):
importance: Undecided → High
summary: - Text files cannot be converted to pdf
+ Security improvements to TEXT coder broke it
tags: removed: patch-accepted-upstream
Brian Murray (brian-murray)
Changed in imagemagick (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Yakkety):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu Precise):
status: New → Confirmed
Changed in imagemagick (Ubuntu Trusty):
status: New → Confirmed
Changed in imagemagick (Ubuntu Xenial):
status: New → Confirmed
Changed in imagemagick (Ubuntu Yakkety):
status: New → Confirmed
Changed in imagemagick (Ubuntu Precise):
importance: Undecided → High
Changed in imagemagick (Ubuntu Trusty):
importance: Undecided → High
Changed in imagemagick (Ubuntu Xenial):
importance: Undecided → High
Changed in imagemagick (Ubuntu Yakkety):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.8.9.9-7ubuntu8.3

---------------
imagemagick (8:6.8.9.9-7ubuntu8.3) yakkety-security; urgency=medium

  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 11:10:55 -0500

Changed in imagemagick (Ubuntu Yakkety):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.8.9.9-7ubuntu5.4

---------------
imagemagick (8:6.8.9.9-7ubuntu5.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 11:41:06 -0500

Changed in imagemagick (Ubuntu Xenial):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.7.7.10-6ubuntu3.4

---------------
imagemagick (8:6.7.7.10-6ubuntu3.4) trusty-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:04:25 -0500

Changed in imagemagick (Ubuntu Trusty):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imagemagick - 8:6.6.9.7-5ubuntu3.7

---------------
imagemagick (8:6.6.9.7-5ubuntu3.7) precise-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:08:13 -0500

Changed in imagemagick (Ubuntu Precise):
status: Confirmed → Fix Released
Marc Deslauriers (mdeslaur)
Changed in imagemagick (Ubuntu):
status: Confirmed → Fix Committed
Amr Ibrahim (amribrahim1987)
Changed in imagemagick (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.