Date: Fri, 15 Nov 2013 10:30:31 -0700 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request for graphicsmagick DoS I don't think this has been brought up here yet, but could a CVE be provided for the following? A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function (magick/export.c) when exporting 8-bit RGBA images and can be exploited to cause a crash. The vulnerability is reported in versions prior to 1.3.18. References: https://bugs.gentoo.org/show_bug.cgi?id=488050 http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/ https://secunia.com/advisories/55288/ http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/ https://bugzilla.redhat.com/show_bug.cgi?id=1019085 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661 -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.