GraphicsMagick, a comprehensive image processing package, is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function found in magick/export.c when exporting 8-bit RGBA images, which can be exploited to cause a crash. The vulnerability is reported in versions prior to 1.3.18, Fedora 19 already ships with 1.3.18, so it doesn't seem to be affected. References: https://bugs.gentoo.org/show_bug.cgi?id=488050
Created GraphicsMagick tracking bugs for this issue: Affects: fedora-18 [bug 1019087] Affects: epel-all [bug 1019088]
Additional References: https://secunia.com/advisories/55288/ http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/ Commit: http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
GraphicsMagick-1.3.18-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
GraphicsMagick-1.3.18-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
GraphicsMagick-1.3.18-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.