http://bugzilla.opensuse.org/show_bug.cgi?id=1003629

            Bug ID: 1003629
           Summary: GraphicsMagick: WPG Reader Issues
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.1
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: mikhail.kasimov@gmail.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

Created attachment 696433
  --> http://bugzilla.opensuse.org/attachment.cgi?id=696433&action=edit
wpg patch

Reference: http://seclists.org/oss-sec/2016/q4/55

===================================================
Two security issues have been discovered in the WPG format reader in
GraphicsMagick 1.3.25 (and earlier):

1. In a build with QuantumDepth=8 (the default), there is no check
   that the provided colormap is not larger than 256 entries,
   resulting in potential heap overflow. This problem does not occur
   with larger QuantumDepth values.

2. The assertion:

     ReferenceBlob: Assertion `blob != (BlobInfo *) NULL' failed.

   is thrown (causing a crash) for some files due to a logic error
   which leads to passing a NULL pointer where a NULL pointer is not
   allowed.

These issues were discovered using American Fuzzy Lop by fuzzing with
the corpus by Moshe Kaplan discovered on Github at
https://github.com/moshekaplan/FuzzGraphicsMagick.

A patch resolving the two above issues is attached.

Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
===================================================

Due to https://software.opensuse.org/package/GraphicsMagick , version 1.3.25 is
actual for 42.2 and TW. Other versions are actual for 13.1, 13.2 and 42.1.
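The colormap bound described in issue 1, as an added example (not GraphicsMagick's code and not the attached patch): a palette loader that rejects any file-supplied range that does not fit a 256-entry colormap. The record layout (16-bit little-endian start index and entry count, then RGB triples) and the names `load_palette` and `try_record` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COLORMAP 256u /* colormap capacity in a QuantumDepth=8 build, per the report */

typedef struct { uint8_t r, g, b; } rgb_t;

/* Assumed record layout: u16 LE start index, u16 LE entry count, then RGB triples.
 * Returns the number of entries stored, or -1 if the record is rejected. */
int load_palette(const uint8_t *rec, size_t len, rgb_t map[MAX_COLORMAP])
{
    if (len < 4)
        return -1;
    unsigned start = (unsigned)rec[0] | ((unsigned)rec[1] << 8);
    unsigned count = (unsigned)rec[2] | ((unsigned)rec[3] << 8);

    /* The check the report says was missing: the file-supplied range must fit
     * the fixed-size colormap. Written as a subtraction so it cannot wrap. */
    if (start >= MAX_COLORMAP || count > MAX_COLORMAP - start)
        return -1;
    /* The record must also really contain every triple it announces. */
    if ((len - 4) / 3 < count)
        return -1;

    for (unsigned i = 0; i < count; i++) {
        const uint8_t *p = rec + 4 + 3 * (size_t)i;
        map[start + i] = (rgb_t){ p[0], p[1], p[2] };
    }
    return (int)count;
}

/* Constructed input: header announcing `count` entries at `start`, followed by
 * `body` bytes of filler. Not taken from the fuzzing corpus. */
int try_record(unsigned start, unsigned count, size_t body)
{
    static uint8_t rec[4 + 3 * 65535];
    rgb_t map[MAX_COLORMAP];
    rec[0] = start & 0xff; rec[1] = (start >> 8) & 0xff;
    rec[2] = count & 0xff; rec[3] = (count >> 8) & 0xff;
    memset(rec + 4, 0xAA, body);
    return load_palette(rec, 4 + body, map);
}

int main(void)
{
    printf("256 entries: %d\n", try_record(0, 256, 768));
    printf("300 entries: %d\n", try_record(0, 300, 900));
    printf("100 entries at index 200: %d\n", try_record(200, 100, 300));
    return 0;
}
```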