(In reply to Mikhail Kasimov from comment #0) > Reference: http://seclists.org/oss-sec/2016/q4/0 > > =========================== > Today we received a report from Marco Grassi about a heap overflow in the > 8BIM reader. 8BIM is a metadata chunk often attached to JPEG files. > > > After investigation it was found that there was a small unsigned overflow > leading to a huge size value, which then resulted in a heap overflow > (causing a crash). > > > We believe that this issue exists in all GraphicsMagick releases to date > (including 1.3.25). > > > The fix to this may be found in GraphicsMagick Mercurial at > "https://sourceforge.net/p/graphicsmagick/code/ci/ > 5c7b6d6094a25e99c57f8b18343914ebfd8213ef/";. > > > Bob > -- > Bob Friesenhahn > bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/ > GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ > =========================== > > Due to https://software.opensuse.org/package/GraphicsMagick version 1.3.25 > is being in use in openSUSE Tumbleweed. Version 1.3.21 is being in use in > 42.1... http://seclists.org/oss-sec/2016/q4/2 : Use CVE-2016-7800.