Date: Sun, 1 May 2016 15:43:15 -0500 (CDT)
From: Bob Friesenhahn <>
Subject: Re: CVE request: DoS in multiple versions of

On Sun, 1 May 2016, Gustavo Grieco wrote:

> We recently tested GraphicsMagick with our tool and found two issues that
> cause DoS:
> * Infinite loop caused by converting a circularly defined SVG file.
> * Arithmetic exception converting an SVG file caused by an X%0 operation in
> magick/render.c:3800
>    (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows,
> Reproducers for both issues are attached. They are triggered by converting
> an SVG to another format. Identification is not affected.
> These issues affect 1.3.18 and 1.3.23. Most likely other versions are
> vulnerable too.

These issues are now resolved in the GraphicsMagick Mercurial 

It is worth noting that ImageMagick's built-in SVG renderer has the 
same problem with "circular.svg" (specify the input file name like 

Bob Friesenhahn,
GraphicsMagick Maintainer,
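
The two defect classes reported in the quoted message, a modulo by a zero tile dimension and a reference chain that never terminates, can be guarded as in the following added example. It is not part of the original message and is not GraphicsMagick's code or its fix; the `Pattern` struct, both function names, and the one-reference-per-element model are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical pattern descriptor; sizes come from the untrusted SVG. */
typedef struct {
    long tile_x, tile_y;          /* tile origin on the canvas */
    unsigned long columns, rows;  /* tile size, may be 0 in hostile input */
} Pattern;

/* Map canvas pixel (x, y) to a pixel inside the tile.
   Returns 0 on success, -1 if the tile size is unusable. */
int tile_coords(const Pattern *p, long x, long y,
                unsigned long *tx, unsigned long *ty)
{
    if (p->columns == 0 || p->rows == 0 ||
        p->columns > LONG_MAX || p->rows > LONG_MAX)
        return -1;                /* refuse instead of evaluating X % 0 */
    long dx = (x - p->tile_x) % (long) p->columns;
    long dy = (y - p->tile_y) % (long) p->rows;
    /* C's % keeps the dividend's sign; wrap negatives into the tile. */
    *tx = (unsigned long) (dx < 0 ? dx + (long) p->columns : dx);
    *ty = (unsigned long) (dy < 0 ? dy + (long) p->rows : dy);
    return 0;
}

/* ref[i] is the element that element i references, or -1 for none.
   Returns 1 if the chain from start ends, 0 if it loops or is invalid. */
int reference_chain_ok(const int *ref, int n, int start)
{
    int visited = 0;
    for (int cur = start; cur >= 0; cur = ref[cur]) {
        /* A chain over n elements that visits more than n must repeat. */
        if (cur >= n || ++visited > n)
            return 0;
    }
    return 1;
}

int main(void)
{
    Pattern zero_rows = {0, 5, 4, 0};   /* constructed hostile input */
    int self_ref[] = {0};               /* element 0 references itself */
    unsigned long tx, ty;
    printf("zero-row tile: %d\n", tile_coords(&zero_rows, 9, 1, &tx, &ty));
    printf("self reference ok: %d\n", reference_chain_ok(self_ref, 1, 0));
    return 0;
}
```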
