The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
{ "binaries": [ { "binary_name": "graphicsmagick", "binary_version": "1.3.18-1ubuntu3.1+esm8" }, { "binary_name": "graphicsmagick-imagemagick-compat", "binary_version": "1.3.18-1ubuntu3.1+esm8" }, { "binary_name": "graphicsmagick-libmagick-dev-compat", "binary_version": "1.3.18-1ubuntu3.1+esm8" }, { "binary_name": "libgraphics-magick-perl", "binary_version": "1.3.18-1ubuntu3.1+esm8" }, { "binary_name": "libgraphicsmagick++1-dev", "binary_version": "1.3.18-1ubuntu3.1+esm8" }, { "binary_name": "libgraphicsmagick++3", "binary_version": "1.3.18-1ubuntu3.1+esm8" }, { "binary_name": "libgraphicsmagick1-dev", "binary_version": "1.3.18-1ubuntu3.1+esm8" }, { "binary_name": "libgraphicsmagick3", "binary_version": "1.3.18-1ubuntu3.1+esm8" } ] }
{ "binaries": [ { "binary_name": "graphicsmagick", "binary_version": "1.3.23-1ubuntu0.6+esm2" }, { "binary_name": "graphicsmagick-imagemagick-compat", "binary_version": "1.3.23-1ubuntu0.6+esm2" }, { "binary_name": "graphicsmagick-libmagick-dev-compat", "binary_version": "1.3.23-1ubuntu0.6+esm2" }, { "binary_name": "libgraphics-magick-perl", "binary_version": "1.3.23-1ubuntu0.6+esm2" }, { "binary_name": "libgraphicsmagick++-q16-12", "binary_version": "1.3.23-1ubuntu0.6+esm2" }, { "binary_name": "libgraphicsmagick++1-dev", "binary_version": "1.3.23-1ubuntu0.6+esm2" }, { "binary_name": "libgraphicsmagick-q16-3", "binary_version": "1.3.23-1ubuntu0.6+esm2" }, { "binary_name": "libgraphicsmagick1-dev", "binary_version": "1.3.23-1ubuntu0.6+esm2" } ] }