Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Nov 2013 10:30:31 -0700
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request for graphicsmagick DoS

I don't think this has been brought up here yet, but could a CVE be
provided for the following?

A vulnerability has been reported in GraphicsMagick, which can be
exploited by malicious people to 
cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the
"ExportAlphaQuantumType()" function 
(magick/export.c) when exporting 8-bit RGBA images and can be exploited
to cause a crash.

The vulnerability is reported in versions prior to 1.3.18.

References:

https://bugs.gentoo.org/show_bug.cgi?id=488050
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
https://secunia.com/advisories/55288/
http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
https://bugzilla.redhat.com/show_bug.cgi?id=1019085
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661


-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.