GraphicsMagick: Multiple vulnerabilities — GLSA 201311-10

Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.

Affected packages

media-gfx/graphicsmagick on all architectures
Affected versions < 1.3.18
Unaffected versions >= 1.3.18

Background

GraphicsMagick is the Swiss army knife of image processing.

Description

Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially-crafted image file, potentially resulting in arbitrary code execution or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GraphicsMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.18"
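
To confirm which hosts still fall in the affected range (< 1.3.18) before and after the upgrade, the version comparison can be scripted. This is an added example, not part of the advisory or of Gentoo's tooling: the function names and the inventory lines are constructed, and the input is assumed to be versioned atoms such as those printed by `qlist -Iv media-gfx/graphicsmagick` from portage-utils.

```shell
#!/bin/sh
# Added example: classify media-gfx/graphicsmagick versions against the fixed
# version stated in this advisory. Function names are illustrative.
FIXED="1.3.18"

# ver_lt A B: succeed when dotted numeric version A sorts before B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        # Drop the component just read; empty once none remain.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0} y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1  # equal versions are not "less than"
}

# glsa_status ATOM_OR_VERSION: print affected, unaffected or unknown.
glsa_status() {
    pv=${1##*graphicsmagick-}    # accept a full atom or a bare version
    pv=${pv%%-r[0-9]*}           # Gentoo revision (-r1) does not change the range
    pre=0                        # _alpha/_beta/_pre/_rc sort before the release
    case $pv in *_alpha*|*_beta*|*_pre*|*_rc*) pre=1 ;; esac
    pv=${pv%%_*}
    case $pv in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if ver_lt "$pv" "$FIXED" || { [ "$pre" = 1 ] && [ "$pv" = "$FIXED" ]; }; then
        echo affected
    else
        echo unaffected
    fi
}

# classify_inventory: read "host atom" lines on stdin, append the status.
classify_inventory() {
    while read -r host atom; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$atom" "$(glsa_status "$atom")"
    done
}

# Constructed sample inventory (hosts and versions are made up).
classify_inventory <<'EOF'
web01 media-gfx/graphicsmagick-1.3.17-r1
img02 media-gfx/graphicsmagick-1.3.9
img03 media-gfx/graphicsmagick-1.3.18
img04 media-gfx/graphicsmagick-1.3.18_rc1
EOF
```

The comparison is numeric per component, so 1.3.9 is correctly reported as older than 1.3.18, which a plain string comparison would get wrong.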
 

References

Release date
November 19, 2013

Latest revision
November 19, 2013: 1

Severity
normal

Exploitable
remote

Bugzilla entries