oss-sec mailing list archives
Re: CVE request for graphicsmagick DoS
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 15 Nov 2013 11:51:59 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/15/2013 10:30 AM, Vincent Danen wrote:
I don't think this has been brought up here yet, but could a CVE be provided for the following? A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function (magick/export.c) when exporting 8-bit RGBA images and can be exploited to cause a crash. The vulnerability is reported in versions prior to 1.3.18. References: https://bugs.gentoo.org/show_bug.cgi?id=488050 http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
https://secunia.com/advisories/55288/
http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/ https://bugzilla.redhat.com/show_bug.cgi?id=1019085 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661
Please use CVE-2013-4589 for this issue. S'il vous plaƮt utiliser CVE-2013-4589 pour cette question. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJShm1PAAoJEBYNRVNeJnmT+9kP/292YyjS12oZLUif6JtHQO/V EIw8mRZdtofax+pgXUUpj3IhibwCOM5HvJn7vIEaBgWXMjH3wxfDFRHNg/DBldHY QBPeOcMbGOTAmOSRkq3j62v3vJ+t72kjzvTSX22EspQ+ngUnFZt7WMY3D82JxNdu Jrk4PA3s9BUfiyGwS6/XjF7oj3drsdkeKuo91yUA77fKn4nPAExiouj/xdh3mir9 VycSSZDzzgvyoofr1iZ5spBXxzsZSmksTuMmUiS8JdOIM6ulvAA3PmfIZcC+vJyu pD1mDxWul2k7ga+lo/1jZHHfzISrM1UTkA+cLWLNzzlQ7Ez91G2TUQaqlCuJL9lB njn3xZjfn7ElxuWUhsfiXpYAvrXbIExUyePlhUySYzsoeshWgIdX/7o+dbnyBLOg 1995tNCqz/FdYDvYTyvcOI5oMSPxXBm0xLUgBYJGLYJWcLhwPwlI3PhrHfZpao/p C7I6I1TDRt2lPia40/DJe29q/emTKo+qYS7vigrgZSxrmU3heagULYrekSHKmQ9S 5AWPndC5Ybph3j/yrjYSTZork2C644tE7R8XF3qKmBH7z5sV7L9qu4xY/GtMZ2L5 z8ilk5Y9o9KkGmhpc3MXSVxLZ2smkhXJM1HAZ1erZ8umKLF0Yykau6LVxnyJ4JSv R6lB2YN74vxP//aDH+wS =8FRM -----END PGP SIGNATURE-----
Current thread:
- CVE request for graphicsmagick DoS Vincent Danen (Nov 15)
- Re: CVE request for graphicsmagick DoS Kurt Seifried (Nov 15)