Source: graphicsmagick Version: 1.3.26-11 Severity: normal Tags: upstream patch security Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/439/
Hi, the following vulnerability was published for graphicsmagick. CVE-2017-14649[0]: | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does | not properly validate JNG data, leading to a denial of service | (assertion failure in magick/pixel_cache.c, and application crash). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14649 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14649 [1] https://sourceforge.net/p/graphicsmagick/bugs/439/ [2] http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a Please adjust the affected versions in the BTS as needed. Regards, Salvatore
