The only version of graphicsmagick in portage has multiple confirmed vulnerabilities. Version 1.4, which fixes these has not been released yet, though snapshots are available. Reproducible: Always
The security fixes listed at $URL: 1.4 (not yet released) Security Fixes: * Fixed array underflow on systems using signed char which could result in a program crash due to extended characters in filenames or in certain file formats. * Fix for CVE-2009-1882 "Integer overflow in the XMakeImage function". * Fix lockup due to hanging in loop while parsing malformed sub-image specification (SourceForge issue 2886560). * Libltdl: Updated libtool to 2.2.6b in order to fix security issue. Resolves CVE-2009-3736 as it pertains to GraphicsMagick. * PCX: Detect improper rows, columns, or depth. Fixes CVE-2008-1097 "Memory corruption in ImageMagick's PCX coder". * DrawDashPolygon: Avoid a crash which sometimes occured with tiny polygons. CVE-2008-1097,CVE-2009-1882,CVE-2009-3736
According to the Changelog (http://www.graphicsmagick.org/NEWS.html), the vulnerabilities mentioned were fixed long ago.(in the 1.3.x series). However, the current stable version (1.16-r1) does have security issues (CVE-2012-3438 and CVE-2012-3386) that were fixed in 1.17.
New GLSA request filed.
This issue was resolved and addressed in GLSA 201311-10 at http://security.gentoo.org/glsa/glsa-201311-10.xml by GLSA coordinator Sean Amoss (ackle).
