In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "graphicsmagick": "1.3.23-1ubuntu0.6", "graphicsmagick-dbg": "1.3.23-1ubuntu0.6", "libgraphicsmagick++1-dev": "1.3.23-1ubuntu0.6", "graphicsmagick-libmagick-dev-compat": "1.3.23-1ubuntu0.6", "libgraphicsmagick1-dev": "1.3.23-1ubuntu0.6", "graphicsmagick-dbgsym": "1.3.23-1ubuntu0.6", "libgraphicsmagick1-dev-dbgsym": "1.3.23-1ubuntu0.6", "graphicsmagick-imagemagick-compat": "1.3.23-1ubuntu0.6", "libgraphicsmagick-q16-3-dbgsym": "1.3.23-1ubuntu0.6", "libgraphics-magick-perl": "1.3.23-1ubuntu0.6", "libgraphics-magick-perl-dbgsym": "1.3.23-1ubuntu0.6", "libgraphicsmagick++-q16-12": "1.3.23-1ubuntu0.6", "libgraphicsmagick++-q16-12-dbgsym": "1.3.23-1ubuntu0.6", "libgraphicsmagick++1-dev-dbgsym": "1.3.23-1ubuntu0.6", "libgraphicsmagick-q16-3": "1.3.23-1ubuntu0.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "graphicsmagick-imagemagick-compat": "1.3.27-3", "graphicsmagick": "1.3.27-3", "libgraphics-magick-perl": "1.3.27-3", "graphicsmagick-dbg": "1.3.27-3", "libgraphicsmagick++1-dev": "1.3.27-3", "libgraphicsmagick++-q16-12": "1.3.27-3", "graphicsmagick-libmagick-dev-compat": "1.3.27-3", "libgraphicsmagick1-dev": "1.3.27-3", "libgraphicsmagick-q16-3": "1.3.27-3" } ] }