oss-sec mailing list archives

Re: CVE request for graphicsmagick DoS


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 15 Nov 2013 11:51:59 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/15/2013 10:30 AM, Vincent Danen wrote:
> I don't think this has been brought up here yet, but could a CVE
> be provided for the following?
>
> A vulnerability has been reported in GraphicsMagick, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
>
> The vulnerability is caused due to an error within the
> "ExportAlphaQuantumType()" function (magick/export.c) when
> exporting 8-bit RGBA images and can be exploited to cause a crash.
>
> The vulnerability is reported in versions prior to 1.3.18.
>
> References:
>
> https://bugs.gentoo.org/show_bug.cgi?id=488050
> http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
> https://secunia.com/advisories/55288/
> http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
> https://bugzilla.redhat.com/show_bug.cgi?id=1019085
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661



Please use CVE-2013-4589 for this issue.

Please use CVE-2013-4589 for this question.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

