oss-sec mailing list archives

CVE request for graphicsmagick DoS


From: Vincent Danen <vdanen () redhat com>
Date: Fri, 15 Nov 2013 10:30:31 -0700

I don't think this has been brought up here yet, but could a CVE be
provided for the following?

A vulnerability has been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the
"ExportAlphaQuantumType()" function (magick/export.c) when exporting
8-bit RGBA images and can be exploited to cause a crash.

The vulnerability is reported in versions prior to 1.3.18.

References:

https://bugs.gentoo.org/show_bug.cgi?id=488050
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
https://secunia.com/advisories/55288/
http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
https://bugzilla.redhat.com/show_bug.cgi?id=1019085
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661


--
Vincent Danen / Red Hat Security Response Team
