Advisories » MGASA-2016-0325

Updated graphicsmagick packages fix security vulnerability

Publication date: 28 Sep 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-7447, CVE-2016-7448, CVE-2016-7449


A possible heap overflow of the EscapeParenthesis() function
(CVE-2016-7447).

The Utah RLE reader did not validate that header information was
reasonable given the file size and so it could cause huge memory
allocations and/or consume huge amounts of CPU (CVE-2016-7448).

The TIFF reader had a bug pertaining to use of TIFFGetField() when a
'count' value is returned.  The bug caused a heap read overflow (due to
using strlcpy() to copy a possibly unterminated string) which could allow
an untrusted file to crash the software (CVE-2016-7449).
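
The defensive pattern for the TIFF issue, as an added example (not GraphicsMagick's actual patch): a copy that treats the field as a (pointer, count) pair and never reads past count bytes. The function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not GraphicsMagick code). A tag value arrives as
 * (pointer, count) and may lack a NUL terminator. strlcpy(dst, src, n)
 * scans src until it finds a NUL to compute its return value, so it can
 * read past the end of the field. This copy never reads more than
 * `count` bytes of src. Returns bytes copied, excluding the terminator. */
size_t copy_counted_field(char *dst, size_t dst_size,
                          const char *src, size_t count)
{
    if (dst == NULL || dst_size == 0)
        return 0;
    dst[0] = '\0';
    if (src == NULL || count == 0)
        return 0;

    /* Honour a terminator if one exists inside the counted range. */
    const char *nul = memchr(src, '\0', count);
    size_t len = nul ? (size_t)(nul - src) : count;

    /* Truncate to the destination, leaving room for the terminator. */
    if (len > dst_size - 1)
        len = dst_size - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Constructed sample: a 4-byte field with no terminator (count == 4). */
static const char sample_field[4] = { 'J', 'o', 'h', 'n' };

/* Copy the sample into out_size (<= 16) bytes; 1 if result == expected. */
int demo_matches(size_t out_size, const char *expected)
{
    char out[16] = "";
    if (out_size > sizeof out)
        return 0;
    size_t n = copy_counted_field(out, out_size, sample_field, sizeof sample_field);
    return n == strlen(expected) && strcmp(out, expected) == 0;
}

int main(void)
{
    printf("full copy ok: %d\n", demo_matches(16, "John"));
    printf("truncated ok: %d\n", demo_matches(3, "Jo"));
    return 0;
}
```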