Bug 614018 (CVE-2016-9830)

Summary:	<media-gfx/graphicsmagick-1.3.26: memory allocation failure in MagickRealloc (memory.c)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c/
Whiteboard:	B3 [noglsa cve]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2017-03-27 09:15:00 UTC

Details at $URL.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Yury German Gentoo Infrastructure

2017-03-29 07:07:46 UTC

    CVE ID: CVE-2016-9830
   Summary: The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
 Published: 2017-03-01T20:59:00.000Z

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-04 12:06:40 UTC

Patch: https://sources.debian.net/src/graphicsmagick/1.3.25-8/debian/patches/CVE-2016-9830.patch/

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2017-10-23 00:13:07 UTC

GLSA Vote: No

Cleanup tracked in bug #631562