From ${URL} : Description A vulnerability has been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ReadGIFImage()" function (coders/gif.c) when handling the comments extension in GIF files and can be exploited to corrupt memory. The vulnerability is reported in versions prior to 6.7.8-8. Solution: Update to version 6.7.8-8. Provided and/or discovered by: Holger Seelig Original Advisory: ImageMagick: http://www.imagemagick.org/script/changelog.php Holger Seelig: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23921 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
CVE-2013-4298 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4298): The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
Stable version is unaffected. @maintainers: cleanup please, timeout 30 days. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201405-09 at http://security.gentoo.org/glsa/glsa-201405-09.xml by GLSA coordinator Chris Reffett (creffett).
