614018 – (CVE-2016-9830) <media-gfx/graphicsmagick-1.3.26: memory allocation failure in MagickRealloc (memory.c)

Bug 614018 (CVE-2016-9830) - <media-gfx/graphicsmagick-1.3.26: memory allocation failure in MagickRealloc (memory.c)

Summary: <media-gfx/graphicsmagick-1.3.26: memory allocation failure in MagickRealloc ...

Status:	RESOLVED FIXED

Alias:	CVE-2016-9830

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://blogs.gentoo.org/ago/2016/12/...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-03-27 09:15 UTC by Agostino Sarubbo
Modified:	2017-10-23 00:13 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-03-27 09:15:00 UTC

Details at $URL.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Yury German Gentoo Infrastructure

2017-03-29 07:07:46 UTC

    CVE ID: CVE-2016-9830
   Summary: The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
 Published: 2017-03-01T20:59:00.000Z

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-04 12:06:40 UTC

Patch: https://sources.debian.net/src/graphicsmagick/1.3.25-8/debian/patches/CVE-2016-9830.patch/

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2017-10-23 00:13:07 UTC

GLSA Vote: No

Cleanup tracked in bug #631562