Date: Sun, 1 May 2016 15:43:15 -0500 (CDT) From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> To: oss-security@...ts.openwall.com Subject: Re: CVE request: DoS in multiple versions of GraphicsMagick On Sun, 1 May 2016, Gustavo Grieco wrote: > We recently tested GraphicsMagick with our tool and found two issues that > causes DoS: > > * Infinite loop caused by converting a circularly defined svg file. > > * Arithmetic exception converting a svg file caused by a X%0 operation in > magick/render.c:3800 > > (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows, > > Reproducers for both issues are attached. They are triggered by converting > a svg to another format. Identification is not affected. > These issues affect 1.3.18 and 1.3.23. Most likely other versions are > vulnerable too. These issues are now resolved in the GraphicsMagick Mercurial repository. It is worth noting that ImageMagick's built-in SVG renderer has the same problem with "circular.svg" (specify the input file name like "msvg:circular.svg"). Bob -- Bob Friesenhahn bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ