CVE-2017-7275 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7275): The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
This is upstream: https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/
Upstream is unable to reproduce. Upstream tried further mitigation via commit d94d85622f120f82240921ae7a83a72afcb79ddf which is available since v6.9.6-6 (current stable version in Gentoo is 6.9.7.4).
Issue pending closure on upstream. AJSAN issue.

______________________________
You are getting an allocation error because the size of the colormap is ridiculously high. On our systems we can allocate this but it then fails at a later moment.
______________________________