Summary: | <media-gfx/graphicsmagick-1.3.27: use-after-free in CloseBlob (blob.c) (CVE-2017-11403) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | graphics+disabled, nobrowser, sudormrfhalt
Priority: | Normal | Keywords: | PATCH
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/ | |
Whiteboard: | B3 [noglsa cve] | |
Package list: | | Runtime testing required: | ---
Attachments: | | |

Description
Agostino Sarubbo
2017-07-18 08:09:32 UTC
Created attachment 490594 [details, diff]
CVE-2017-11403.patch
Note that the original fix has been found insufficient. A new CVE-2017-14103 has been assigned:

http://www.openwall.com/lists/oss-security/2017/09/01/6

(In reply to Ian Zimmerman from comment #2)
> Note that the original fix has been found insufficient. A new
> CVE-2017-14103 has been assigned:
>
> http://www.openwall.com/lists/oss-security/2017/09/01/6

Patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f

Looks like this has been patched for a while. I'll give this a tentative glsa? but I don't think it's worth it given graphicsmagick's history and we've long since moved on.

GLSA Vote: No

Repository is clean, all done!