Bug 628494 - media-gfx/graphicsmagick: Multiple Vulnerabilities (CVE-2017-{12935,12936,12937})
Status: RESOLVED DUPLICATE of bug 628188
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2017-08-21 11:40 UTC by D'juan McDonald (domhnall)
Modified: 2017-08-21 11:48 UTC
Description D'juan McDonald (domhnall) 2017-08-21 11:40:48 UTC
CVE-2017-12935: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12935
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.

CVE-2017-12936: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12936
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

CVE-2017-12937: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12937
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
Comment 1 Agostino Sarubbo gentoo-dev 2017-08-21 11:43:19 UTC
already reported

*** This bug has been marked as a duplicate of bug 628188 ***
Comment 2 D'juan McDonald (domhnall) 2017-08-21 11:48:53 UTC
Ago, 

Thanks, realized it was a duplicate a bit late in the reporting.