CVE-2016-10070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10070): Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
From http://www.graphicsmagick.org/Changelog.html:

> 2017-09-14 Bob Friesenhahn <bfriesen@...>
>
> coders/mat.c (ReadMATImage): Fix CVE-2016-10070, which is a heap overflow in the MAT reader due to an under-sized memory allocation. Based on private email from Petr Gajdos on Mon, 11 Sep 2017.

Upstream patch: https://sourceforge.net/p/graphicsmagick/code/ci/a0e598438aa970f237fa9b35edce0728cc144f29/
@maintainer(s), please clean the vulnerable version from the tree.
Cleanup will be tracked in bug #640690.

GLSA Vote: No