Two security issues have been discovered in the WPG format reader in GraphicsMagick 1.3.25 (and earlier):

1. CVE-2016-7996
In a build with QuantumDepth=8 (the default), there is no check that the provided colormap is not larger than 256 entries, resulting in potential heap overflow. This problem does not occur with larger QuantumDepth values.

2. CVE-2016-7997
The assertion:
ReferenceBlob: Assertion `blob != (BlobInfo *) NULL' failed.
is thrown (causing a crash) for some files due to a logic error which leads to passing a NULL pointer where a NULL pointer is not allowed.

References (patch attached):
http://seclists.org/oss-sec/2016/q4/55
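A simplified model of the bounds check that issue 1 says is missing, added here as an example; it is not GraphicsMagick's code or the attached patch. The record layout, the names `load_palette` and `MAX_COLORMAP_SIZE`, and the sample bytes are assumptions constructed for illustration; only the 256-entry limit comes from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Models a QuantumDepth=8 build: the colormap holds at most 256 entries. */
#define MAX_COLORMAP_SIZE 256u

typedef struct { uint8_t r, g, b; } rgb_t;
typedef struct {
    rgb_t    entries[MAX_COLORMAP_SIZE];
    unsigned colors;                     /* number of valid entries */
} colormap_t;

/* Read a little-endian 16-bit field. */
static unsigned rd16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Hypothetical palette record (constructed for this example):
 *   u16 start_index, u16 num_entries, then num_entries RGB triples.
 * Returns 0 on success, -1 if the record is truncated or would
 * write outside the colormap. */
int load_palette(colormap_t *cm, const uint8_t *rec, size_t len)
{
    if (len < 4) return -1;
    unsigned start = rd16(rec);
    unsigned count = rd16(rec + 2);

    /* Both fields are file-controlled 16-bit values; without this
     * check start + count can far exceed the 256-entry table. */
    if (start > MAX_COLORMAP_SIZE || count > MAX_COLORMAP_SIZE - start)
        return -1;
    /* The record must really contain the triples it announces. */
    if ((len - 4) / 3 < count) return -1;

    const uint8_t *p = rec + 4;
    for (unsigned i = 0; i < count; i++, p += 3)
        cm->entries[start + i] = (rgb_t){ p[0], p[1], p[2] };
    if (start + count > cm->colors) cm->colors = start + count;
    return 0;
}

int main(void)
{
    colormap_t cm;
    memset(&cm, 0, sizeof cm);
    /* Constructed sample: header announces 257 entries from index 0. */
    const uint8_t oversized[4] = { 0x00, 0x00, 0x01, 0x01 };
    printf("oversized palette -> %d\n", load_palette(&cm, oversized, sizeof oversized));
    return 0;
}
```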
Created GraphicsMagick tracking bugs for this issue:
Affects: fedora-all [bug 1383225]
Affects: epel-all [bug 1383226]
Fwiw, only el6's GraphicsMagick doesn't use --with-quantum-depth=16 build option, so I'm guessing that's the only one vulnerable here.
Sorry, that's (apparently) only issue 1. I'll pull in both fixes.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.