
Bug 628494

Summary: media-gfx/graphicsmagick: Multiple Vulnerabilities (CVE-2017-{12935,12936,12937})
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2017-08-21 11:40:48 UTC
CVE-2017-12935: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12935
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.

CVE-2017-12936: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12936
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

CVE-2017-12937: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12937
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.

Comment 1 Agostino Sarubbo gentoo-dev 2017-08-21 11:43:19 UTC
already reported

*** This bug has been marked as a duplicate of bug 628188 ***

Comment 2 D'juan McDonald (domhnall) 2017-08-21 11:48:53 UTC
Ago, 

Thanks, realized it was a duplicate a bit late in the reporting.