oss-sec mailing list archives
CVE request: DoS in multiple versions of GraphicsMagick
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Sun, 1 May 2016 16:54:10 +0200
We recently tested GraphicsMagick with our tool and found two issues that causes DoS: * Infinite loop caused by converting a circularly defined svg file. * Arithmetic exception converting a svg file caused by a X%0 operation in magick/render.c:3800 (long) (y-fill_pattern->tile_info.y) % fill_pattern->rows, Reproducers for both issues are attached. They are triggered by converting a svg to another format. Identification is not affected. These issues affect 1.3.18 and 1.3.23. Most likely other versions are vulnerable too. Regards, Gustavo
Current thread:
- CVE request: DoS in multiple versions of GraphicsMagick Gustavo Grieco (May 01)
- Re: CVE request: DoS in multiple versions of GraphicsMagick Bob Friesenhahn (May 01)
- Re: CVE request: DoS in multiple versions of GraphicsMagick cve-assign (Jun 02)