1543272 – (CVE-2018-6799) CVE-2018-6799 GraphicsMagick: Heap overwrite in magick/pixel_cache.c:AcquireCacheNexus() can lead to denial of service

Bug 1543272 (CVE-2018-6799) - CVE-2018-6799 GraphicsMagick: Heap overwrite in magick/pixel_cache.c:AcquireCacheNexus() can lead to denial of service

Summary: CVE-2018-6799 GraphicsMagick: Heap overwrite in magick/pixel_cache.c:AcquireC...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2018-6799
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1543273 1543274 1543275
Blocks:	1856613
TreeView+	depends on / blocked

Reported:	2018-02-08 06:27 UTC by Sam Fowler
Modified:	2020-07-14 13:27 UTC (History)
CC List:	3 users (show)
Fixed In Version:	GraphicsMagick 1.3.28
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-07-14 13:27:48 UTC

Attachments	(Terms of Use)

Description Sam Fowler 2018-02-08 06:27:54 UTC

The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 can allow an attacker to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.


Upstream Fix:

http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3

Comment 1 Sam Fowler 2018-02-08 06:28:15 UTC

Created GraphicsMagick tracking bugs for this issue:

Affects: epel-all [bug 1543273]
Affects: fedora-all [bug 1543274]

Comment 3 Product Security DevOps Team 2020-07-14 13:27:48 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-6799

Note You need to log in before you can comment on or make changes to this bug.