Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 628494 - media-gfx/graphicsmagick: Multiple Vulnerabilities (CVE-2017-{12935,12936,12937})
Summary: media-gfx/graphicsmagick: Multiple Vulnerabilities (CVE-2017-{12935,12936,129...
Status: RESOLVED DUPLICATE of bug 628188
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2017-08-21 11:40 UTC by D'juan McDonald (domhnall)
Modified: 2017-08-21 11:48 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2017-08-21 11:40:48 UTC
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c

The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read
Comment 1 Agostino Sarubbo gentoo-dev 2017-08-21 11:43:19 UTC
already reported

*** This bug has been marked as a duplicate of bug 628188 ***
Comment 2 D'juan McDonald (domhnall) 2017-08-21 11:48:53 UTC

Thanks, realized it was duplicate a bit late in the reporting.