Red Hat Bugzilla – Bug 228758
CVE-2007-0770: GraphicsMagick buffer overflow
Last modified: 2007-11-30 17:11:57 EST
"Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote
attackers to cause a denial of service and possibly execute arbitrary code via a
PALM image that is not properly handled by the ReadPALMImage function in
coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456."
CVE-2006-5456 says that it is an issue with < 1.1.7, but the discussion in bug
210921 refers to a post-1.1.7 GraphicsMagick, so whether this affects the FE
GraphicsMagick package should be investigated.
I'm still not completely sure if this issue is actually exploitable in
GraphicsMagick, as the handling is a tad different then with ImageMagick, but I
adapted the ImageMagick Fix nevertheless.