Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228758
Summary: CVE-2007-0770: GraphicsMagick buffer overflow
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: normal
Component: GraphicsMagick
AssignedTo: andreas@bawue.net
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0770
"Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456."
CVE-2006-5456 says that it is an issue with < 1.1.7, but the discussion in bug 210921 refers to a post-1.1.7 GraphicsMagick, so whether this affects the FE GraphicsMagick package should be investigated.
Summary: CVE-2007-0770: GraphicsMagick buffer overflow
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228758
andreas@bawue.net changed:
      What|Removed  |Added
----------------------------------------------------------------------------
    Status|NEW      |CLOSED
Resolution|         |NEXTRELEASE
------- Additional Comments From andreas@bawue.net 2007-03-07 05:19 EST -------
I'm still not completely sure if this issue is actually exploitable in GraphicsMagick, as the handling is a tad different than with ImageMagick, but I adapted the ImageMagick fix nevertheless.