Multiple issues in GraphicsMagick received CVEs on oss-security mailing list. CVE-2016-8682: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/ AddressSanitizer: stack-buffer-overflow ... READ of size 769 0x7f73e9a8399f in ReadSCTImage ... GraphicsMagick-1.3.25/coders/sct.c:126 Upstream patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d CVE-2016-8683: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/ AddressSanitizer failed to allocate 0x4cd6a6000 bytes of LargeMmapAllocator 0x7ff8e887beba in ReadPCXImage ... GraphicsMagick-1.3.25/coders/pcx.c:467:16 Upstream patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9 CVE-2016-8684: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/ AddressSanitizer failed to allocate 0x7fff03000 bytes of LargeMmapAllocator MagickMalloc ... GraphicsMagick-1.3.25/magick/memory.c:156:10 MagickMallocArray ... GraphicsMagick-1.3.25/magick/memory.c:347 ReadSGIImage ... GraphicsMagick-1.3.25/coders/sgi.c:498:19 Upstream patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
Created GraphicsMagick tracking bugs for this issue: Affects: fedora-all [bug 1383225] Affects: epel-all [bug 1383226]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.