oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: DoS in multiple versions of GraphicsMagick

From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Sun, 1 May 2016 15:43:15 -0500 (CDT)
On Sun, 1 May 2016, Gustavo Grieco wrote:


We recently tested GraphicsMagick with our tool and found two issues that
causes DoS:

* Infinite loop caused by converting a circularly defined svg file.

* Arithmetic exception converting a svg file caused by a X%0 operation in
magick/render.c:3800

   (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows,

Reproducers for both issues are attached. They are triggered by converting
a svg to another format. Identification is not affected.
These issues affect 1.3.18 and 1.3.23. Most likely other versions are
vulnerable too.
These issues are now resolved in the GraphicsMagick Mercurial repository.
It is worth noting that ImageMagick's built-in SVG renderer has the same problem with "circular.svg" (specify the input file name like "msvg:circular.svg"). 

Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
Previous By Date Next
Previous By Thread Next

Current thread: