Description:
"GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c."

Quote from ChangeLog:
> magick/compress.c (HuffmanDecodeImage): Fix signed overflow on
> range check which leads to heap overflow in 32-bit
> applications. Requires a relatively large file input compared with
> typical fuzzer files (greater than a megabyte) to trigger.
> Problem reported to the graphicsmagick-security mail address by
> Justin Tripp on 2019-11-13.
Patch: https://sourceforge.net/p/graphicsmagick/code/ci/95abc2b694ceb0866f8aae94849bdf4033272035/

I think this is actually fixed in 1.3.34.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf679ef6ae9930e258ee14b27c835179b35919aa

commit bf679ef6ae9930e258ee14b27c835179b35919aa
Author: Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-25 01:11:41 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-27 12:17:09 +0000

media-gfx/graphicsmagick: Security bump to 1.3.35

Looks like 1.3.34 is the first non-affected version but may as well bump to the latest, given it's getting a lot of fuzzing attention at the moment.

Bug: https://bugs.gentoo.org/714240
Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
Closes: https://github.com/gentoo/gentoo/pull/15097
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

media-gfx/graphicsmagick/Manifest | 1 +
.../graphicsmagick/graphicsmagick-1.3.35.ebuild | 132 +++++++++++++++++++++
2 files changed, 133 insertions(+)
(thanks for merging the PR). @maintainer(s), please advise if ready for stabilisation, or call yourself.
CVE-2020-10938 (https://nvd.nist.gov/vuln/detail/CVE-2020-10938): GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
sparc stable
x86 stable
amd64 stable
hppa stable
ppc stable
ppc64 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd2d78d9616151e146b1db98de6eb26673e0f70e

commit dd2d78d9616151e146b1db98de6eb26673e0f70e
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-05-04 01:29:02 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-05-04 01:29:02 +0000

media-gfx/graphicsmagick: drop vulnerable

Bug: https://bugs.gentoo.org/714240
Signed-off-by: Aaron Bauman <bman@gentoo.org>

media-gfx/graphicsmagick/Manifest | 2 -
.../graphicsmagick/graphicsmagick-1.3.32.ebuild | 132 ---------------------
.../graphicsmagick/graphicsmagick-1.3.33.ebuild | 132 ---------------------
3 files changed, 266 deletions(-)