The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "graphicsmagick": "1.3.23-1ubuntu0.2", "graphicsmagick-dbg": "1.3.23-1ubuntu0.2", "libgraphicsmagick++1-dev": "1.3.23-1ubuntu0.2", "graphicsmagick-libmagick-dev-compat": "1.3.23-1ubuntu0.2", "libgraphicsmagick1-dev": "1.3.23-1ubuntu0.2", "graphicsmagick-dbgsym": "1.3.23-1ubuntu0.2", "libgraphicsmagick1-dev-dbgsym": "1.3.23-1ubuntu0.2", "graphicsmagick-imagemagick-compat": "1.3.23-1ubuntu0.2", "libgraphicsmagick-q16-3-dbgsym": "1.3.23-1ubuntu0.2", "libgraphics-magick-perl": "1.3.23-1ubuntu0.2", "libgraphics-magick-perl-dbgsym": "1.3.23-1ubuntu0.2", "libgraphicsmagick++-q16-12": "1.3.23-1ubuntu0.2", "libgraphicsmagick++-q16-12-dbgsym": "1.3.23-1ubuntu0.2", "libgraphicsmagick++1-dev-dbgsym": "1.3.23-1ubuntu0.2", "libgraphicsmagick-q16-3": "1.3.23-1ubuntu0.2" } ] }