In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "graphicsmagick" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "graphicsmagick-dbg" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "graphicsmagick-imagemagick-compat" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "graphicsmagick-libmagick-dev-compat" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "libgraphics-magick-perl" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "libgraphicsmagick++-q16-12" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "libgraphicsmagick++1-dev" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "libgraphicsmagick-q16-3" }, { "binary_version": "1.3.28-2ubuntu0.1", "binary_name": "libgraphicsmagick1-dev" } ] }