| Summary: | media-gfx/graphicsmagick xwd infinite loop DoS | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Bryan Østergaard (RETIRED) <kloeri> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | formula7 |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | B3 [glsa] koon | | |
| Package list: | | Runtime testing required: | --- |

Description
Bryan Østergaard (RETIRED)
2005-04-27 02:42:58 UTC
See bug 90423, this may be considered a crash bug rather than a vulnerability.

*** Bug 91301 has been marked as a duplicate of this bug. ***

Taviso confirmed this is a DoS issue. Please provide an updated ebuild.

Bumped to 1.1.6 + stabled x86.

Stable on ppc.

DoS issue not fixed. We'll wait on the main imagemagick fix.

Is the xwd DoS thing present in graphicsmagick too? Or just the unexploitable PNM overflow thing?

yep, it shares the xwd code that causes the DoS.

OK, we need to push this upstream then...

upstream contacted as requested.

Upstream patched it here: http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xwd.c.diff?r1=1.88&r2=1.88.2.1 and mentions Tavis in their Changelog: http://www.graphicsmagick.org/www/Changelog.html Not yet in an official release. kloeri, feel like to bump the current one with the patch?

Just committed -1.1.6-r1 with the patch included. PPC, please test and stable.

Stable on ppc.

GLSA 200505-16