On Mon, Jul 03, 2017 at 08:56:23PM +0200, Salvatore Bonaccorso wrote:
> Source: graphicsmagick
> Version: 1.3.25-8
> Severity: important
> Tags: security upstream patch
> 
> Hi,
> 
> the following vulnerability was published for graphicsmagick.
> 
> CVE-2017-10800[0]:
> | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it
> | can lead to a denial of service (OOM) in ReadMATImage() if the size
> | specified for a MAT Object is larger than the actual amount of data.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-10800
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10800
> [1] http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012

That commit is unfortunately not enough. All related changesets to
mat.c since the above one should be taken into account. I got this
comment as reply to filling this bugreport directly from Bob
Friesenhahn (upstream).

Regards,
Salvatore

Reply via email to