Two security issues have been discovered in the WPG format reader in
GraphicsMagick 1.3.25 (and earlier):
In a build with QuantumDepth=8 (the default), there is no check
that the provided colormap is not larger than 256 entries,
resulting in potential heap overflow. This problem does not occur
with larger QuantumDepth values.
ReferenceBlob: Assertion `blob != (BlobInfo *) NULL' failed.
is thrown (causing a crash) for some files due to a logic error
which leads to passing a NULL pointer where a NULL pointer is not
References (patch attached):
Created GraphicsMagick tracking bugs for this issue:
Affects: fedora-all [bug 1383225]
Affects: epel-all [bug 1383226]
Fwiw, only el6's GraphicsMagick doesn't use --with-quantum-depth=16 build option, so I'm guessing that's the only one vulnerable here.
Sorry, that's (apparently) only issue 1. I'll pull in both fixes
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.