Updated graphicsmagick packages fix security vulnerability
Publication date: 23 Aug 2017Modification date: 23 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12935 , CVE-2017-12936 , CVE-2017-12937
Description
Invalid memory read in SetImageColorCallBack() in image.c (CVE-2017-12935). Use-after-free in ReadWMFImage() in wmf.c (CVE-2017-12936). Heap-based buffer overflow in ReadSUNImage() in sun.c (CVE-2017-12937).
References
- https://bugs.mageia.org/show_bug.cgi?id=21564
- http://openwall.com/lists/oss-security/2017/08/18/4
- http://openwall.com/lists/oss-security/2017/08/18/3
- http://openwall.com/lists/oss-security/2017/08/18/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12935
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12936
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12937
SRPMS
5/core
- graphicsmagick-1.3.26-1.2.mga5
6/core
- graphicsmagick-1.3.26-1.3.mga6