oss-sec mailing list archives
CVE request for graphicsmagick DoS
From: Vincent Danen <vdanen () redhat com>
Date: Fri, 15 Nov 2013 10:30:31 -0700
I don't think this has been brought up here yet, but could a CVE be provided for the following? A vulnerability has been reported in GraphicsMagick, which can beexploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the"ExportAlphaQuantumType()" function (magick/export.c) when exporting 8-bit RGBA images and can be exploited
to cause a crash. The vulnerability is reported in versions prior to 1.3.18. References: https://bugs.gentoo.org/show_bug.cgi?id=488050 http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/ https://secunia.com/advisories/55288/ http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/ https://bugzilla.redhat.com/show_bug.cgi?id=1019085 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661 --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request for graphicsmagick DoS Vincent Danen (Nov 15)
- Re: CVE request for graphicsmagick DoS Kurt Seifried (Nov 15)