Bug 628188 (CVE-2017-12935, CVE-2017-12936, CVE-2017-12937)

Summary:

<media-gfx/graphicsmagick-1.3.27: multiple vulnerabilites

Product:

Gentoo Security

Reporter:

Agostino Sarubbo <ago>

Component:

Vulnerabilities

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

normal

CC:

flopwiki, graphics+disabled, sudormrfhalt

Priority:

Normal

Version:

unspecified

Hardware:

All

OS:

Linux

Whiteboard:

B3 [noglsa cve]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
CVE-2017-12935.patch	none
CVE-2017-12936.patch	none
CVE-2017-12937.patch	none

Description Agostino Sarubbo gentoo-dev

2017-08-18 15:01:14 UTC

https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c
https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c

Comment 1 Agostino Sarubbo gentoo-dev

2017-08-21 11:43:19 UTC

*** Bug 628494 has been marked as a duplicate of this bug. ***

Comment 2 Andrey Ovcharov 2017-08-25 23:25:35 UTC

Created attachment 490600 [details, diff]
CVE-2017-12935.patch

Comment 3 Andrey Ovcharov 2017-08-25 23:26:12 UTC

Created attachment 490602 [details, diff]
CVE-2017-12936.patch

Comment 4 Andrey Ovcharov 2017-08-25 23:26:53 UTC

Created attachment 490604 [details, diff]
CVE-2017-12937.patch

Comment 5 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 00:41:20 UTC

@maintainer(s), please clean the vulnerable version from the tree.

Comment 6 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 01:39:38 UTC

cleanup will be tracked in bug #640690

GLSA Vote: No