
graphicsmagick: multiple vulnerabilities

Package(s): GraphicsMagick
CVE #(s): CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449
Created: September 15, 2016
Updated: September 28, 2016
Description: From the GraphicsMagick release notes:

  • EscapeParenthesis(): I was notified by Gustavo Grieco of a heap overflow in EscapeParenthesis() used in the text annotation code. While not being able to reproduce the issue, the implementation of this function is completely redone.
  • Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU. Problem was reported by Agostino Sarubbo based on testing with AFL.
  • SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in the MVG rendering code (also impacts SVG).
  • TIFF: Fix heap buffer read overflow while copying sized TIFF attributes. Problem was reported by Agostino Sarubbo based on testing with AFL.

More information may be found in the CVE assignment email.

Alerts:
Debian-LTS DLA-683-1 graphicsmagick 2016-10-26
openSUSE openSUSE-SU-2016:2641-1 GraphicsMagick 2016-10-26
openSUSE openSUSE-SU-2016:2644-1 GraphicsMagick 2016-10-26
Debian-LTS DLA-651-1 graphicsmagick 2016-10-11
Mageia MGASA-2016-0325 graphicsmagick 2016-09-28
Fedora FEDORA-2016-390ec4a8f3 GraphicsMagick 2016-09-19
Fedora FEDORA-2016-0bdf82500f GraphicsMagick 2016-09-14



Copyright © 2026, Eklektix, Inc.