[Bug 1002422] GraphicsMagick: 8BIM/8BIMW unsigned underflow leads to heap overflow

http://bugzilla.novell.com/show_bug.cgi?id=1002422 http://bugzilla.novell.com/show_bug.cgi?id=1002422#c1 --- Comment #1 from Mikhail Kasimov --- (In reply to Mikhail Kasimov from comment #0)

Reference: http://seclists.org/oss-sec/2016/q4/0

=========================== Today we received a report from Marco Grassi about a heap overflow in the 8BIM reader. 8BIM is a metadata chunk often attached to JPEG files.

After investigation it was found that there was a small unsigned overflow leading to a huge size value, which then resulted in a heap overflow (causing a crash).

We believe that this issue exists in all GraphicsMagick releases to date (including 1.3.25).

The fix to this may be found in GraphicsMagick Mercurial at "https://sourceforge.net/p/graphicsmagick/code/ci/ 5c7b6d6094a25e99c57f8b18343914ebfd8213ef/";.

Bob -- Bob Friesenhahn bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ ===========================

Due to https://software.opensuse.org/package/GraphicsMagick version 1.3.25 is being in use in openSUSE Tumbleweed. Version 1.3.21 is being in use in 42.1...

http://seclists.org/oss-sec/2016/q4/2 : Use CVE-2016-7800. -- You are receiving this mail because: You are on the CC list for the bug.