Red Hat Bugzilla – Bug 1019085
CVE-2013-4589 graphicsmagick: 8-bit RGBA images export DoS vulnerability
Last modified: 2014-01-27 03:43:19 EST
GraphicsMagick, a comprehensive image processing package, is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS).
The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function found in magick/export.c when exporting 8-bit RGBA images, which can be exploited to cause a crash.
The vulnerability is reported in versions prior to 1.3.18, Fedora 19 already ships with 1.3.18, so it doesn't seem to be affected.
Created GraphicsMagick tracking bugs for this issue:
Affects: fedora-18 [bug 1019087]
Affects: epel-all [bug 1019088]
GraphicsMagick-1.3.18-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
GraphicsMagick-1.3.18-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
GraphicsMagick-1.3.18-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.