| Summary: | <media-gfx/graphicsmagick-1.3.12: multiple vulnerabilities (CVE-2008-1097,CVE-2009-{1882,3736}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | ta2002 <throw_away_2002> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alexanderyt, graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.graphicsmagick.org/NEWS.html | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
ta2002
2011-05-03 00:43:29 UTC
The security fixes listed at $URL:

1.4 (not yet released)

Security Fixes:

* Fixed array underflow on systems using signed char which could result in a program crash due to extended characters in filenames or in certain file formats.
* Fix for CVE-2009-1882 "Integer overflow in the XMakeImage function".
* Fix lockup due to hanging in loop while parsing malformed sub-image specification (SourceForge issue 2886560).
* Libltdl: Updated libtool to 2.2.6b in order to fix security issue. Resolves CVE-2009-3736 as it pertains to GraphicsMagick.
* PCX: Detect improper rows, columns, or depth. Fixes CVE-2008-1097 "Memory corruption in ImageMagick's PCX coder".
* DrawDashPolygon: Avoid a crash which sometimes occurred with tiny polygons.

CVE-2008-1097,CVE-2009-1882,CVE-2009-3736

According to the Changelog (http://www.graphicsmagick.org/NEWS.html), the vulnerabilities mentioned were fixed long ago (in the 1.3.x series). However, the current stable version (1.16-r1) does have security issues (CVE-2012-3438 and CVE-2012-3386) that were fixed in 1.17.

New GLSA request filed.

This issue was resolved and addressed in GLSA 201311-10 at http://security.gentoo.org/glsa/glsa-201311-10.xml by GLSA coordinator Sean Amoss (ackle).