[Secure-testing-team] Bug#881391: graphicsmagick: CVE-2017-16669: Heap buffer over-write in AcquireCacheNexus function in magick/pixel_cache.c
Salvatore Bonaccorso
carnil at debian.org
Sat Nov 11 08:56:34 UTC 2017
Source: graphicsmagick
Version: 1.3.26-18
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/450/
Hi,
the following vulnerability was published for graphicsmagick.
CVE-2017-16669[0]:
| coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause
| a denial of service (heap-based buffer overflow and application crash)
| or possibly have unspecified other impact via a crafted file, related
| to the AcquireCacheNexus function in magick/pixel_cache.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-16669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16669
[1] https://sourceforge.net/p/graphicsmagick/bugs/450/
Please adjust the affected versions in the BTS as needed. LTS team has
released a DLA for this issue, so I guess (but have not checked!)
every older version is affected as well from the issue.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list