Mandriva Update For Graphicsmagick MDVSA-2012:165 (graphicsmagick) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in graphicsmagick: The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation (CVE-2012-3438). The updated packages have been patched to correct this issue.

Affected

graphicsmagick on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-3438

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:161 (squid)
Mandrake Security Advisory MDVSA-2009:126 (eggdrop)
Mandrake Security Advisory MDVSA-2009:127 (gaim)
Mandrake Security Advisory MDVSA-2009:090 (php)
Mandrake Security Advisory MDVSA-2009:068 (poppler)

Mandriva Update for graphicsmagick MDVSA-2012:165 (graphicsmagick)

Take action and discover your vulnerabilities