From ${URL} :

A null pointer dereference vulnerability in the GraphicsMagick DICOM image decoder allows an attacker to cause a denial-of-service condition or other unspecified impact.

Bug: https://sourceforge.net/p/graphicsmagick/bugs/512/
Writeup: https://nandynarwhals.org/CVE-2017-14994/

Timeline:
30 Sept 2017 - Discovery of the vulnerability.
1 Oct 2017 - Disclosure of vulnerability to the vendor.
1 Oct 2017 - Vulnerability fixed in mercurial commit.
2 Oct 2017 - CVE number requested.
3 Oct 2017 - CVE-2017-14994 assigned.
3 Oct 2017 - Advisory sent to oss-security mailing list.

This issue was discovered by Terry Chia (Ayrx) and Jeremy Heng (@...amon).

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

2017-10-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

    * coders/dcm.c (DCM_ReadNonNativeImages): Additional fix (improvement) for SourceForge issue #512 "NULL Pointer Dereference in DICOM Decoder".

cleanup will be tracked in bug #640690

GLSA Vote: No