| Summary: | <media-gfx/graphicsmagick-1.3.26: 8BIM/8BIMW unsigned underflow leads to heap overflow | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | graphics+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1381148 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
From URL: Upstream already patched the problem for version 1.3.26 https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/ @Maintainers: could you please let us know when the 1.3.26 ebuild is going to be stable thanks GLSA Vote: No Cleanup tracked in bug #631562 |
From ${URL} : An unsigned overflow leading to heap buffer overflow vulnerability was found in GraphicsMagick 8BIM reader. A maliciously crafted file could cause the application to crash. References: http://seclists.org/oss-sec/2016/q4/0 Upstream patch: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.