Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 1 May 2016 15:43:15 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: DoS in multiple versions of
 GraphicsMagick

On Sun, 1 May 2016, Gustavo Grieco wrote:

> We recently tested GraphicsMagick with our tool and found two issues that
> causes DoS:
>
> * Infinite loop caused by converting a circularly defined svg file.
>
> * Arithmetic exception converting a svg file caused by a X%0 operation in
> magick/render.c:3800
>
>    (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows,
>
> Reproducers for both issues are attached. They are triggered by converting
> a svg to another format. Identification is not affected.
> These issues affect 1.3.18 and 1.3.23. Most likely other versions are
> vulnerable too.

These issues are now resolved in the GraphicsMagick Mercurial 
repository.

It is worth noting that ImageMagick's built-in SVG renderer has the 
same problem with "circular.svg" (specify the input file name like 
"msvg:circular.svg").

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ