Graphicsmagick is vulnerable to the same heap overflow as Imagemagick - see bug 90423. Bug filed upstream at https://sourceforge.net/tracker/index.php?func=detail&aid=1190872&group_id=73485&atid=537937.
See bug 90423, this may be considered a crash bug rather than a vulnerability.
*** Bug 91301 has been marked as a duplicate of this bug. ***
Taviso confirmed this is a DoS issue. Please provide an updated ebuild.
Bumped to 1.1.6 + stabled x86.
Stable on ppc.
DoS issue not fixed. We'll wait on the main imagemagick fix.
Is the xwd DoS thing present in graphicsmagick too ? Or just the unexploitable PNM overflow thing ?
yep, it shares the xwd code that causes the DoS.
OK, we need to push this upstream then...
upstream contacted as requested.
Upstream patched it here : http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xwd.c.diff?r1=1.88&r2=1.88.2.1 and mentions Tavis in their Changelog : http://www.graphicsmagick.org/www/Changelog.html Not yet in an official release. kloeri, feel like to bump the current one with the patch ?
Just committed -1.1.6-r1 with the patch included. PPC, please test and stable.
GLSA 200505-16