[Secure-testing-team] Bug#884904: graphicsmagick: CVE-2017-17783: buffer over-read in ReadPALMImage
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 21 08:00:15 UTC 2017
Source: graphicsmagick
Version: 1.3.27-1
Severity: normal
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/529/
Hi,
the following vulnerability was published for graphicsmagick. This is
basically to track the upstream source fix, as we build with
QuantumDepth=16 (in unstable) and thus the issue is not triggered.
CVE-2017-17783[0]:
| In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage
| in coders/palm.c when QuantumDepth is 8.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-17783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17783
[1] https://sourceforge.net/p/graphicsmagick/bugs/529/
[2] http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore