Advisories » MGASA-2013-0350

Updated graphicsmagick packages fix CVE-2013-4589

Publication date: 22 Nov 2013
Modification date: 22 Nov 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-4589

Description

Updated graphicsmagick packages fix security vulnerability:

GraphicsMagick before 1.3.18 is found to have a vulnerability which can be
exploited by malicious people to cause a Denial of Service (DoS). The
vulnerability is caused due to an error within the "ExportAlphaQuantumType()"
function found in magick/export.c when exporting 8-bit RGBA images, which can
be exploited to cause a crash (CVE-2013-4589).
                

References

• https://secunia.com/advisories/55288/
• http://openwall.com/lists/oss-security/2013/11/15/14
• https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html
• https://bugs.mageia.org/show_bug.cgi?id=11594
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4589

SRPMS

2/core

• graphicsmagick-1.3.13-1.6.mga2