ArchLinux: 201609-6: graphicsmagick: multiple issues
Summary
1. A last instance of CVE-2016-2317 (heap buffer overflow) in the MVG
rendering code (also impacts SVG). This problem was originally
reported by Gustavo Grieco.
2. A possible heap overflow of the EscapeParenthesis() function.
While I was not able to reproduce it for myself, the implementation is
replaced with a different algorithm. This problem was reported by
Gustavo Grieco.
3. The Utah RLE reader did not validate that header information was
reasonable given the file size and so it could cause huge memory
allocations and/or consume huge amounts of CPU. This problem was
reported by Agostino Sarubbo.
4. The TIFF reader had a bug pertaining to use of TIFFGetField() when
a 'count' value is returned. The bug caused a heap read overflow (due
to using strlcpy() to copy a possibly unterminated string) which could
allow an untrusted file to crash the software.
Resolution
Upgrade to 1.3.25-1
# pacman -Syu "graphicsmagick>=1.3.25-1"
The problem has been fixed upstream in version 1.3.25.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317 https://www.openwall.com/lists/oss-security/2016/09/07/4
Workaround
None.