Date: Sun, 1 May 2016 15:43:15 -0500 (CDT) From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> To: oss-security@...ts.openwall.com Subject: Re: CVE request: DoS in multiple versions of GraphicsMagick On Sun, 1 May 2016, Gustavo Grieco wrote: > We recently tested GraphicsMagick with our tool and found two issues that > causes DoS: > > * Infinite loop caused by converting a circularly defined svg file. > > * Arithmetic exception converting a svg file caused by a X%0 operation in > magick/render.c:3800 > > (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows, > > Reproducers for both issues are attached. They are triggered by converting > a svg to another format. Identification is not affected. > These issues affect 1.3.18 and 1.3.23. Most likely other versions are > vulnerable too. These issues are now resolved in the GraphicsMagick Mercurial repository. It is worth noting that ImageMagick's built-in SVG renderer has the same problem with "circular.svg" (specify the input file name like "msvg:circular.svg"). Bob -- Bob Friesenhahn bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.