According to the RedHat summary [1]:

An out-of-bounds heap read vulnerability in ImageMagick compiled with TIFF support that can be triggered by running mogrify on crafted TIFF file was found.

Fixed by upstream in ImageMagick 6.9.5-3. The next version above available in portage is 6.9.5-5 but that is still keyworded as unstable.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5010
(In reply to behemothchess from comment #0)
> According to the RedHat summary [1]:
>
> An out-of-bounds heap read vulnerability in ImageMagick compiled with TIFF
> support that can be triggered by running mogrify on crafted TIFF file was
> found.
>
> Fixed by upstream in ImageMagick 6.9.5-3. The next version above available
> in portage is 6.9.5-5 but that is still keyworded as unstable.
>
> [1]
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5010

Thank you for the report!
CVE-2016-5010 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5010): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
This issue was resolved and addressed in GLSA 201611-21 at https://security.gentoo.org/glsa/201611-21 by GLSA coordinator Aaron Bauman (b-man).