The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. Upstream patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
Created GraphicsMagick tracking bugs for this issue: Affects: epel-all [bug 1475494] Affects: fedora-all [bug 1475495]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.