Summary: | <media-gfx/imagemagick-6.7.6.4 : incorrect fix for CVE-2012-0247 and CVE-2012-0248 - (CVE-2012-{1185,1186}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | graphics+disabled
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | B2 [glsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 410867 | |
Bug Blocks: | | |

Description
Agostino Sarubbo
2012-03-23 12:24:59 UTC
6.7.6.4 now in Portage. See also bug 410867.

Thanks, folks. GLSA request filed.

CVE-2012-1186 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1186): Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

CVE-2012-1185 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1185): Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.

This issue was resolved and addressed in GLSA 201405-09 at http://security.gentoo.org/glsa/glsa-201405-09.xml by GLSA coordinator Chris Reffett (creffett).