On Mon, Jul 03, 2017 at 08:56:23PM +0200, Salvatore Bonaccorso wrote: > Source: graphicsmagick > Version: 1.3.25-8 > Severity: important > Tags: security upstream patch > > Hi, > > the following vulnerability was published for graphicsmagick. > > CVE-2017-10800[0]: > | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it > | can lead to a denial of service (OOM) in ReadMATImage() if the size > | specified for a MAT Object is larger than the actual amount of data. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2017-10800 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10800 > [1] http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012
That commit is unfortunately not enough. All related changesets to mat.c since the above one should be taken into account. I got this comment as reply to filling this bugreport directly from Bob Friesenhahn (upstream). Regards, Salvatore

