In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "graphicsmagick-imagemagick-compat": "1.3.28-2ubuntu0.1", "graphicsmagick": "1.3.28-2ubuntu0.1", "libgraphics-magick-perl": "1.3.28-2ubuntu0.1", "graphicsmagick-dbg": "1.3.28-2ubuntu0.1", "libgraphicsmagick++1-dev": "1.3.28-2ubuntu0.1", "libgraphicsmagick++-q16-12": "1.3.28-2ubuntu0.1", "graphicsmagick-libmagick-dev-compat": "1.3.28-2ubuntu0.1", "libgraphicsmagick1-dev": "1.3.28-2ubuntu0.1", "libgraphicsmagick-q16-3": "1.3.28-2ubuntu0.1" } ] }