The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
@maintainer(s), after bump, please call for stabilization when ready, thank you.
Gentoo Security Padawan
@maintainer(s), please clean the vulnerable version from the tree.
cleanup will be tracked in bug #640690
GLSA Vote: No