GraphicsMagick through version 1.3.26 is vulnerable to a memory allocation failure in coders/png.c:ReadOnePNGImage(). An attacker could cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. Upstream Issue: https://sourceforge.net/p/graphicsmagick/bugs/459/ Upstream Patch: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
Created GraphicsMagick tracking bugs for this issue: Affects: fedora-all [bug 1554189] Affects: epel-all [bug 1554188]