Bug 628760 (CVE-2017-13147)

Summary:	<media-gfx/graphicsmagick-1.3.27: Allocation failure vulnerability in ReadMNGImage in coders/png.c (CVE-2017-13147)
Product:	Gentoo Security	Reporter:	D'juan McDonald (domhnall) <flopwiki>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://sourceforge.net/p/graphicsmagick/bugs/446/
Whiteboard:	B3 [noglsa cve]
Package list:		Runtime testing required:	---

Description D'juan McDonald (domhnall) 2017-08-23 18:58:55 UTC

From $URL:

In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value


CVE Details:https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13147

Comment 1 D'juan McDonald (domhnall) 2017-08-23 19:08:13 UTC

@maintainer(s), upstream updated on this 1 day ago with a fix. Details are in $URL.

Please follow procedure to close on report, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 00:50:21 UTC

@maintainer(s), please clean the vulnerable version from the tree.

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2018-03-26 01:40:49 UTC

cleanup will be tracked in bug #640690

GLSA Vote: No