Message-ID: <20131115173031.GI2563@redhat.com>
Date: Fri, 15 Nov 2013 10:30:31 -0700
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request for graphicsmagick DoS

I don't think this has been brought up here yet, but could a CVE be
provided for the following?

A vulnerability has been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the
"ExportAlphaQuantumType()" function (magick/export.c) when exporting
8-bit RGBA images and can be exploited to cause a crash.

The vulnerability is reported in versions prior to 1.3.18.

References:

https://bugs.gentoo.org/show_bug.cgi?id=488050
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
https://secunia.com/advisories/55288/
http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
https://bugzilla.redhat.com/show_bug.cgi?id=1019085
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661


-- 
Vincent Danen / Red Hat Security Response Team 
