| Summary: | <media-gfx/imagemagick-{6.9.11.0,7.0.8.36}: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/ImageMagick/ImageMagick/issues/1533 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
D'juan McDonald (domhnall)
2019-04-01 17:21:18 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-10650):

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.

Upstream Reference: https://github.com/ImageMagick/ImageMagick/issues/1532

Patch: https://github.com/ImageMagick/ImageMagick6/commit/e3417aebe17cbe274b7361aa92c83226ca5b646b
Patch: https://github.com/ImageMagick/ImageMagick/commit/d3ae9c19125c8704b4866381f7a064ca2cbdc006

Tree seems clean now. Tentatively setting to glsa? but it's a bit old.

GLSA Vote: No

Thank you all for your work.
Closing as [noglsa].