Advisories » MGASA-2017-0297

Updated graphicsmagick packages fix security vulnerability

Publication date: 23 Aug 2017
Modification date: 23 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12935 , CVE-2017-12936 , CVE-2017-12937

Description

Invalid memory read in SetImageColorCallBack() in image.c
(CVE-2017-12935).

Use-after-free in ReadWMFImage() in wmf.c (CVE-2017-12936).

Heap-based buffer overflow in ReadSUNImage() in sun.c (CVE-2017-12937).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21564
• http://openwall.com/lists/oss-security/2017/08/18/4
• http://openwall.com/lists/oss-security/2017/08/18/3
• http://openwall.com/lists/oss-security/2017/08/18/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12935
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12936
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12937

SRPMS

6/core

• graphicsmagick-1.3.26-1.3.mga6

5/core

• graphicsmagick-1.3.26-1.2.mga5