Concerning ImageMagick 6.7.5-0 and earlier:

CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes into an invalid address.

CVE-2012-0248: When parsing a maliciously crafted image with an IFD in which all IOP tags' value offsets point to the beginning of the IFD itself, ImageMagick parses the IFD structure indefinitely, causing a denial of service.

For more details please read: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

CERT-FI: http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-021.html (Finnish)

Reported to Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659339

Reproducible: Always

Steps to Reproduce: Ask ImageMagick if you need more details.
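The two parser failures described in the report above, expressed as the checks a defensive EXIF IFD walker makes before copying a value or following a sub-IFD pointer. This is an added example, not ImageMagick's code or its fix; it assumes little-endian data, and the function names, return codes, `MAX_IFDS` cap and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not ImageMagick code. Assumes little-endian ("II") data with
   offsets relative to b; names and MAX_IFDS are illustrative assumptions. */
enum { EXIF_OK = 0, EXIF_OOB = -1, EXIF_LOOP = -2, MAX_IFDS = 16 };

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
static const uint8_t type_size[13] = {0,1,1,2,4,8,1,1,2,4,8,4,8}; /* TIFF types 1..12 */

static int walk(const uint8_t *b, size_t len, uint32_t off, uint32_t *seen, int *ns)
{
    for (int i = 0; i < *ns; i++)           /* IFD already visited: refuse to loop */
        if (seen[i] == off) return EXIF_LOOP;
    if (*ns == MAX_IFDS) return EXIF_LOOP;
    seen[(*ns)++] = off;
    if (len < 2 || off > len - 2) return EXIF_OOB;
    uint32_t n = rd16(b + off);
    if ((size_t)n * 12 > len - 2 - off) return EXIF_OOB;    /* all entries must fit */
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = b + off + 2 + 12 * i;
        uint32_t tag = rd16(e), type = rd16(e + 2), cnt = rd32(e + 4), val = rd32(e + 8);
        if (type == 0 || type > 12) return EXIF_OOB;
        uint64_t bytes = (uint64_t)type_size[type] * cnt;
        /* Values over 4 bytes live at offset val: check the range before any copy. */
        if (bytes > 4 && (val > len || bytes > len - val)) return EXIF_OOB;
        if (tag == 0x8769 || tag == 0xA005) {   /* Exif / Interoperability IFD pointer */
            int r = walk(b, len, val, seen, ns);
            if (r != EXIF_OK) return r;
        }
    }
    return EXIF_OK;
}

int exif_validate(const uint8_t *b, size_t len, uint32_t ifd0)
{
    uint32_t seen[MAX_IFDS];
    int ns = 0;
    return walk(b, len, ifd0, seen, &ns);
}

/* Constructed samples: TIFF header, then one IFD at offset 8 holding one entry. */
const uint8_t SAMPLE_LOOP[26] = {'I','I',42,0, 8,0,0,0, 1,0,  /* 0xA005 points at 8 */
    0x05,0xA0, 4,0, 1,0,0,0, 8,0,0,0, 0,0,0,0};
const uint8_t SAMPLE_OOB[26] = {'I','I',42,0, 8,0,0,0, 1,0,   /* 0x0128, bad count/offset */
    0x28,0x01, 3,0, 0,0,0,0x10, 0,0xFF,0xFF,0xFF, 0,0,0,0};
const uint8_t SAMPLE_OK[26] = {'I','I',42,0, 8,0,0,0, 1,0,    /* 0x0128, inline SHORT */
    0x28,0x01, 3,0, 1,0,0,0, 2,0,0,0, 0,0,0,0};
```

The walker only validates entries and sub-IFD pointers; it does not follow the next-IFD link at the end of each directory.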
6.7.5.3 is in Portage and can be stabilized.
Arch teams, please test and mark stable:
=media-gfx/imagemagick-6.7.5.3
Target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 stable, thanks for the report Henri
Stable for HPPA.
x86 stable
Stable on alpha.
arm/ia64/s390/sh/sparc stable
ppc done
ppc64 done
Thanks, everyone. New GLSA request filed.
This issue was resolved and addressed in GLSA 201203-09 at http://security.gentoo.org/glsa/glsa-201203-09.xml by GLSA coordinator Sean Amoss (ackle).