From ${URL} :

Description
A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function (magick/export.c) when exporting 8-bit RGBA images and can be exploited to cause a crash. The vulnerability is reported in versions prior to 1.3.18.

Solution:
Update to version 1.3.18.

Provided and/or discovered by:
Matt Walkenhorst within a discussion topic.

Original Advisory:
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
added to existing GLSA draft
This issue was resolved and addressed in GLSA 201311-10 at http://security.gentoo.org/glsa/glsa-201311-10.xml by GLSA coordinator Sean Amoss (ackle).
CVE-2013-4589 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4589): The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.