coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. Upstream bug: https://sourceforge.net/p/graphicsmagick/bugs/450/ Upstream patch: http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6 http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d
Created GraphicsMagick tracking bugs for this issue: Affects: epel-all [bug 1512038] Affects: fedora-all [bug 1512039]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.