Description of problem:
M. Joonas Pihlaja discovered security flaws in GraphicsMagick that also affect
ImageMagick -- one possible buffer overflow in coders/dcm.c:ReadDCMImage() and
three possible heap overflows in coders/palm.c:ReadPALMImage(). The Debian
project includes a fix for GraphicsMagick 1.1.7 among other changes in their patch.
Version-Release number of selected component (if applicable):
How reproducible:
Potentially exploitable by a maliciously crafted image.
Fix:
I attach the relevant part of the Debian patch. It doesn't apply against
ImageMagick without modifications, because the GraphicsMagick project uses a different
coding style. The patch needs to be reviewed and eventually needs to be rewritten.