Bug 11154 - imagemagick - DoS: Memory corruption while processing GIF comments (CVE-2013-4298)
Summary: imagemagick - DoS: Memory corruption while processing GIF comments (CVE-2013-...
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/565709/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-04 09:22 CEST by Oden Eriksson
Modified: 2013-09-05 09:37 CEST (History)
0 users

See Also:
Source RPM: imagemagick
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Oden Eriksson 2013-09-04 09:22:39 CEST 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721273

The affected code seems to have been added in 6.7.6 (mga2 has 6.7.5) and then removed, so neither mga2, mga3 or cauldron is affected.

Reproducible: 

Steps to Reproduce:
Comment 1 Oden Eriksson 2013-09-04 09:23:40 CEST 
Closing this reference bug.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 2 David Walser 2013-09-05 05:11:05 CEST 
I had actually looked into this before you filed this and also determined that we're not affected.  Maybe I should have filed a bug like this :o)

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4298 => http://lwn.net/Vulnerabilities/565709/
Summary: CVE-2013-4298: imagemagick - DoS: Memory corruption while processing GIF comments => imagemagick - DoS: Memory corruption while processing GIF comments (CVE-2013-4298)

Comment 3 Oden Eriksson 2013-09-05 09:37:05 CEST 
(In reply to David Walser from comment #2)
> I had actually looked into this before you filed this and also determined
> that we're not affected.  Maybe I should have filed a bug like this :o)

Yes, it's good for trackability and especially for those with the memory of a gold fish.
Note You need to log in before you can comment on or make changes to this bug.