Summary: | <media-gfx/graphicsmagick-1.3.26: Denial of Service (OOM) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2017-07-05 16:52:54 UTC
(In reply to Dajuan (sfc) Mcdonald from comment #0) When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). $URL https://nvd.nist.gov/vuln/detail/CVE-2017-10799 (In reply to Dajuan Mcdonald (mbailey_j) from comment #0) CVE-2017-10800 Upstream Patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012 @maintainers, please Merge updates from head for 1.3.25 release. Upstream Patch 1/2:Fix memory Leak in ReadMATImage (CVE-2017-10800) http://hg.code.sf.net/p/graphicsmagick/code/rev/91b707030bda Upstream Patch 2/2: ?? See: [1.3.25] http://hg.code.sf.net/p/graphicsmagick/code/rev/1c07f70e5dd9 (V.s) [1.3.26] http://hg.code.sf.net/p/graphicsmagick/code/rev/db4eb7f97eeb @maintainer(s), CVE-2017-10799 has no working fix. The CVE report(er) incorrectly states 1.3.25 as having 'coders/dpx.c', however it's only in 1.3.26. Please test and proceed to stabilize, thank you. Daj'Uan (mbailey_j) Gentoo Security Scout Upstream Patch CVE-2017-10799:( https://github.com/ImageMagick/ImageMagick/commit/961eb7c6fe2f1efc0be11d950c4500cd0cd17702 ) GLSA Vote: No Cleanup tracked in bug #631562 |