diff options
| author | Greg Larkin <glarkin@FreeBSD.org> | 2012-09-25 21:41:50 +0000 |
|---|---|---|
| committer | Greg Larkin <glarkin@FreeBSD.org> | 2012-09-25 21:41:50 +0000 |
| commit | 48491c1b2ff65eed32d86d18b2dac68e47b5d2ff (patch) | |
| tree | 9523e11139534b2fca224d72ea833b5ca2a5a452 /security | |
| parent | 569fde80936d080a0cc78bc4391c44ea1bd39ceb (diff) | |
| download | ports-48491c1b2ff65eed32d86d18b2dac68e47b5d2ff.tar.gz ports-48491c1b2ff65eed32d86d18b2dac68e47b5d2ff.zip | |
- Documented PNG file DoS vulnerability in ImageMagick and GraphicsMagick
- Added -nox11 suffixes to various ImageMagick entries
Notes
Notes:
svn path=/head/; revision=304862
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 132d098ea855..b8c8ccba93af 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,49 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="98690c45-0361-11e2-a391-000c29033c32"> + <topic>ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file</topic> + <affects> + <package> + <name>ImageMagick</name> + <name>ImageMagick-nox11</name> + <range><le>6.7.8.6</le></range> + </package> + <package> + <name>GraphicsMagick</name> + <name>GraphicsMagick-nox11</name> + <range><ge>1.3.0</ge><le>1.3.16</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kurt Seifried reports:</p> + <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=844105"> + <p>There is an issue in ImageMagick that is also present in + GraphicsMagick. CVE-2011-3026 deals with libpng memory + allocation, and limitations have been added so that a bad PNG + can't cause the system to allocate a lot of memory and a + denial of service. However on further investigation of + ImageMagick, Tom Lane found that PNG malloc function + (Magick_png_malloc) in turn calls AcquireMagickMemory with an + improper size argument.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-3438</cvename> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=844105</url> + <bid>54716</bid> + <url>http://secunia.com/advisories/50090</url> + <url>http://xforce.iss.net/xforce/xfdb/77259</url> + <url>http://osvdb.org/show/osvdb/84323</url> + </references> + <dates> + <discovery>2012-07-28</discovery> + <entry>2012-09-20</entry> + </dates> + </vuln> + <vuln vid="ec255bd8-02c6-11e2-92d1-000d601460a4"> <topic>php5-sqlite -- open_basedir bypass</topic> <affects> @@ -3280,6 +3323,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>ImageMagick</name> + <name>ImageMagick-nox11</name> <range><lt>6.7.6.4</lt></range> </package> </affects> @@ -41343,6 +41387,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>ImageMagick</name> + <name>ImageMagick-nox11</name> <range><ge>6.0.0</ge><lt>6.2.9</lt></range> </package> </affects> @@ -56883,6 +56928,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>ImageMagick</name> + <name>ImageMagick-nox11</name> <range><lt>6.2.2</lt></range> </package> </affects> @@ -58751,6 +58797,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>ImageMagick</name> + <name>ImageMagick-nox11</name> <range><lt>6.2.0.3</lt></range> </package> </affects> @@ -61277,6 +61324,7 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>ImageMagick</name> + <name>ImageMagick-nox11</name> <range><lt>6.1.8.8</lt></range> </package> </affects> @@ -64117,6 +64165,7 @@ http_access deny Gopher</pre> <affects> <package> <name>ImageMagick</name> + <name>ImageMagick-nox11</name> <range><lt>6.1.3</lt></range> </package> </affects> |