| Summary: | <media-gfx/graphicsmagick-1.3.27: in GraphicsMagick 1.3.26 memory allocation failure in magick/memory.c | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | graphics+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://blogs.gentoo.org/ago/2017/09/06/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c-2/ | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
Propose Patch:(http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa) Hi, it is appreciate that you file the security bugs. I'd like if in the summary was reported the nature of the issue instead of the impact, so in this case memory allocation failure @maintainer(s), please clean the vulnerable version from the tree. cleanup will be tracked in bug #640690 GLSA Vote: No |
From ${URL}: The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. CVE Details:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14165) Note:The National Vulnerability Database is currently offline for scheduled maintenance. Daj Uan (jmbailey/mbailey_j) Gentoo Security Padawan