| Summary: | media-gfx/imagemagick: memory allocation denial of service in coders/pcx.c (CVE-2017-7275) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED CANTFIX | | |
| Severity: | minor | CC: | graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/ImageMagick/ImageMagick/issues/271 | | |
| Whiteboard: | ~3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
GLSAMaker/CVETool Bot
2017-05-09 04:39:46 UTC
This is upstream: https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/

Upstream is unable to reproduce. Upstream tried further mitigation via commit d94d85622f120f82240921ae7a83a72afcb79ddf which is available since v6.9.6-6 (current stable version in Gentoo is 6.9.7.4).

Issue pending closure on upstream.

AJSAN issue.

______________________________

You are getting an allocation error because the size of the colormap is ridiculously high. On our systems we can allocate this but it then fails at a later moment.

____________________________