From ${URL}:
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
Upstream patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
References: https://bugzilla.novell.com/show_bug.cgi?id=1050674
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Downgraded to B3 due to no PoC for ACE/RCE. @maintainer(s), please clean the vulnerable version from the tree.
Cleanup will be tracked in bug #640690.
GLSA Vote: No