https://bugzilla.redhat.com/show_bug.cgi?id=2073097
Bug ID: 2073097
Summary: CVE-2022-1270 GraphicsMagick: Heap buffer overflow when parsing MIFF
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: psampaio@redhat.com
CC: andreas@bawue.net, dcavalca@fb.com, epel-packagers-sig@lists.fedoraproject.org, michel@michel-slm.name, ngompa13@gmail.com, rdieter@gmail.com
Target Milestone: ---
Classification: Other
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
References:
https://sourceforge.net/p/graphicsmagick/bugs/664/
https://bugzilla.redhat.com/show_bug.cgi?id=2073097
Pedro Sampaio psampaio@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |2073098, 2073099
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2073098 [Bug 2073098] CVE-2022-1270 GraphicsMagick: Heap buffer overflow when parsing MIFF [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073099 [Bug 2073099] CVE-2022-1270 GraphicsMagick: Heap buffer overflow when parsing MIFF [fedora-all]
--- Comment #1 from Pedro Sampaio psampaio@redhat.com ---
Created GraphicsMagick tracking bugs for this issue:
Affects: epel-all [bug 2073098]
Affects: fedora-all [bug 2073099]
Pedro Sampaio psampaio@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |2073100
--- Comment #2 from Product Security DevOps Team prodsec-dev@redhat.com ---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Resolution  |---     |UPSTREAM
Status      |NEW     |CLOSED
Last Closed |        |2022-04-07 17:27:31
Pedro Sampaio psampaio@redhat.com changed:
What             |Removed |Added
----------------------------------------------------------------------------
Fixed In Version |        |GraphicsMagick-1.4.020220326
Bug 2073097 depends on bug 2073099, which changed state.
Bug 2073099 Summary: CVE-2022-1270 GraphicsMagick: Heap buffer overflow when parsing MIFF [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073099
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |EOL
Bug 2073097 depends on bug 2073098, which changed state.
Bug 2073098 Summary: CVE-2022-1270 GraphicsMagick: Heap buffer overflow when parsing MIFF [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2073098
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |ERRATA