Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACn5sdRjA1Vma3em7z0xyuV87_iggAojuFMFZLWKnEFOHww3hg@mail.gmail.com>
Date: Sun, 1 May 2016 16:54:10 +0200
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: DoS in multiple versions of GraphicsMagick

We recently tested GraphicsMagick with our tool and found two issues that
causes DoS:

* Infinite loop caused by converting a circularly defined svg file.

* Arithmetic exception converting a svg file caused by a X%0 operation in
magick/render.c:3800

    (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows,

Reproducers for both issues are attached. They are triggered by converting
a svg to another format. Identification is not affected.
These issues affect 1.3.18 and 1.3.23. Most likely other versions are
vulnerable too.

Regards,
Gustavo

Content of type "text/html" skipped

Download attachment "circular.svg" of type "image/svg+xml" (6285 bytes)

Download attachment "sigfpe.svg" of type "image/svg+xml" (1450 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.