Description
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| graphicsmagick | fixed | 1.3.26-18 | | package |
| graphicsmagick | fixed | 1.3.20-3+deb8u3 | jessie | package |
| graphicsmagick | no-dsa | | wheezy | package |
Notes
http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
https://sourceforge.net/p/graphicsmagick/bugs/519/
The wheezy version gives an assert before the vulnerability can be triggered. Due to this, the severity of the wheezy version is low even though the vulnerable code is still present.
The patch is trivial so it may be worth fixing in combination with some other fix.
Related vulnerabilities
A vulnerability in the ReadWPGImage function (coders/wpg.c) of GraphicsMagick, a cross-platform graphics library, that allows an attacker to execute arbitrary code