Bug 170855

Summary:	media-gfx/imagemagick incomplete fix for CVE-2006-5456 (CVE-2007-0770)
Product:	Gentoo Security	Reporter:	Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	normal	CC:	graphics+disabled, sekretarz
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770
Whiteboard:	B2 [ebuild++] Falco
Package list:		Runtime testing required:	---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-03-14 12:18:24 UTC

Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.


Credits for finding this issue go to: Vladimir Nadvornik (Novell/SUSE)

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-03-14 13:23:51 UTC

Debian has fixed it so patches are available

CCing maintainer

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-03-25 07:00:38 UTC

Pulling in herd for assistance.

Comment 3 Matt Drew (RETIRED) gentoo-dev

2007-04-11 20:03:34 UTC


*** This bug has been marked as a duplicate of bug 152672 ***