GraphicsMagick / Bugs / #565 ImageMagick CVE-2017-18272 applies to GraphicsMagick

#565 ImageMagick CVE-2017-18272 applies to GraphicsMagick

Milestone: v1.0_(example)

Status: closed-fixed

Owner: Bob Friesenhahn

Labels: None

Priority: 5

Updated: 2018-06-20

Created: 2018-05-23

Creator: Petr Gajdos

Private: No

GraphicsMagick seem to share the issue, testcase and patch for CVE-2017-18272:
https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
Attaching a patch against 15658:ebd3eb090848.

BEFORE

$ gm convert cpu-exhaustion-ReadMIFFImage /dev/null
[hangs]

AFTER

$ gm convert cpu-exhaustion-ReadMIFFImage /dev/null
gm convert: Unexpected end-of-file (cpu-exhaustion-ReadMIFFImage).
$

1 Attachments

GraphicsMagick-CVE-2017-18271.patch

Discussion

Bob Friesenhahn - 2018-06-10

status: open --> closed-fixed

assigned_to: Bob Friesenhahn
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bob Friesenhahn - 2018-06-10

This fix is applied as Mercurial changeset 15701:23f53da8b9d3. Thanks for the report!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Petr Gajdos - 2018-06-20

Thank you!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

ImageMagick CVE-2017-18272 applies to GraphicsMagick

Swiss army knife of image processing

Group

Searches

Help

#565 ImageMagick CVE-2017-18272 applies to GraphicsMagick

Discussion