(CVE-2017-13063) GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13063

(CVE-2017-13064) GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13064

(CVE-2017-13065) GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13065
Upstream Patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a

@maintainer(s), please test and follow procedure to close report, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Created attachment 490606
CVE-2017-13063.patch + CVE-2017-13064.patch
@maintainer(s), please clean the vulnerable version from the tree.
Cleanup will be tracked in bug #640690.

GLSA Vote: No