Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200611-07] GraphicsMagick: PALM and DCM buffer overflows Vulnerability Scan
Vulnerability Scan Summary
GraphicsMagick: PALM and DCM buffer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200611-07
(GraphicsMagick: PALM and DCM buffer overflows)
M. Joonas Pihlaja has reported that a boundary error exists within the
ReadDCMImage() function of coders/dcm.c, causing the improper handling
of DCM images. Pihlaja also reported that there are several boundary
errors in the ReadPALMImage() function of coders/palm.c, similarly
causing the improper handling of PALM images.
A possible hacker could entice a user to open a specially crafted DCM or PALM
image with GraphicsMagick, and possibly execute arbitrary code with the
rights of the user running GraphicsMagick.
There is no known workaround at this time.
All GraphicsMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7-r3"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.