From ${URL} :
We recently tested GraphicsMagick with our tool and found two issues that cause DoS:
* Infinite loop caused by converting a circularly defined svg file.
* Arithmetic exception converting a svg file caused by a X%0 operation in magick/render.c:3800
  (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows,
Reproducers for both issues are attached. They are triggered by converting a svg to another format. Identification is not affected.
These issues affect 1.3.18 and 1.3.23. Most likely other versions are vulnerable too.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
v1.3.24, which fixed the reported issues, hit the Gentoo repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/media-gfx/graphicsmagick?id=68407a602cc64231cd887123da2d33dbe5756230
=media-gfx/graphicsmagick-1.3.25 is the current stable version in the repository. No vulnerable version left.
@ Security: Please vote!
Code fixing the issue: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
Additional details: https://sources.debian.net/src/graphicsmagick/1.3.25-5/debian/changelog/#L31
As previously noted by Whissi the fixed code was introduced to the tree in 1.3.24.
GLSA Vote: No
*** Bug 582236 has been marked as a duplicate of this bug. ***