Required CVE Record Information
Description
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
References 7 Total
- https://sourceforge.net/p/graphicsmagick/bugs/598/
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
- lists.debian.org: [debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update mailing-list
- lists.opensuse.org: openSUSE-SU-2019:1272 vendor-advisory
- lists.opensuse.org: openSUSE-SU-2019:1295 vendor-advisory
- usn.ubuntu.com: USN-4207-1 vendor-advisory
- debian.org: DSA-4640 vendor-advisory
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- https://sourceforge.net/p/graphicsmagick/bugs/598/ x_transferred
- http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1 x_transferred
- lists.debian.org: [debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update mailing-list x_transferred
- lists.opensuse.org: openSUSE-SU-2019:1272 vendor-advisory x_transferred
- lists.opensuse.org: openSUSE-SU-2019:1295 vendor-advisory x_transferred
- usn.ubuntu.com: USN-4207-1 vendor-advisory x_transferred
- debian.org: DSA-4640 vendor-advisory x_transferred