Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 488050 (CVE-2013-4589)

Summary: <media-gfx/graphicsmagick-1.3.18 : 8-bit RGBA Images Export Denial of Service Vulnerability (CVE-2013-4589)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/55288/
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-10-14 18:57:01 UTC
From ${URL} :

Description

A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to 
cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function 
(magick/export.c) when exporting 8-bit RGBA images and can be exploited to cause a crash.

The vulnerability is reported in versions prior to 1.3.18.


Solution:
Update to version 1.3.18.

Provided and/or discovered by:
Matt Walkenhorst within a discussion topic.

Original Advisory:
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-11-13 11:26:33 UTC
added to existing GLSA draft
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-11-19 00:31:43 UTC
This issue was resolved and addressed in
 GLSA 201311-10 at http://security.gentoo.org/glsa/glsa-201311-10.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 17:19:35 UTC
CVE-2013-4589 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4589):
  The ExportAlphaQuantumType function in export.c in GraphicsMagick before
  1.3.18 might allow remote attackers to cause a denial of service (crash) via
  vectors related to exporting the alpha of an 8-bit RGBA image.