Date: Mon, 19 Mar 2012 16:15:22 +0100
From: Stefan Cornelius <>
Subject: CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete
 ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248


The original fixes for the ImageMagick issues CVE-2012-0247 and
CVE-2012-0248 are incomplete.

The original fix for CVE-2012-0247 failed to check for the possibility
of an integer overflow when computing the sum of "number_bytes" and
"offset". This resulted in a wrap-around to a value smaller than
"length", so the "length" check introduced by the original
CVE-2012-0247 fix could still be bypassed, leading to memory corruption.

We have assigned the CVE-2012-1185 identifier for the incomplete fix of
the CVE-2012-0247 issue.

Relevant upstream patches:

Red Hat Bugzilla bug:

The original fix for CVE-2012-0248 also failed to correct the denial of
service condition in the "profile.c" source code. This still allowed a
specially crafted image file, when processed for example by the
"convert" executable, to cause the original CVE-2012-0248 problem
(denial of service).

We have assigned the CVE-2012-1186 identifier for the incomplete fix of
the CVE-2012-0248 issue.

Relevant upstream patch (same as [1] above):

Red Hat Bugzilla entry:

Thanks and kind regards,
Stefan Cornelius / Red Hat Security Response Team
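
The wrap-around described for CVE-2012-1185, shown as an added example
that is not part of the original message and is not ImageMagick's code:
a bounds check that adds before comparing, next to a form that cannot
wrap. The names "number_bytes", "offset" and "length" come from the
message; the size_t types, the function names and the sample values are
assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Shape of an incomplete check: the unsigned sum can wrap around
 * (modulo SIZE_MAX + 1) before it is compared against length. */
static int range_ok_incomplete(size_t offset, size_t number_bytes, size_t length)
{
    return (offset + number_bytes) <= length;
}

/* Wrap-safe form: reject an oversized count first, then compare by
 * subtraction so that no intermediate value can overflow. */
static int range_ok_checked(size_t offset, size_t number_bytes, size_t length)
{
    if (number_bytes > length)
        return 0;
    return offset <= length - number_bytes;
}

int main(void)
{
    /* Constructed sample values: a 1024-byte buffer and a count taken
     * from untrusted input. 16 + (SIZE_MAX - 7) wraps to 8. */
    size_t length = 1024;
    size_t offset = 16;
    size_t number_bytes = SIZE_MAX - 7;

    printf("wrapped sum        : %zu\n", offset + number_bytes);
    printf("incomplete accepts : %d\n",
           range_ok_incomplete(offset, number_bytes, length));
    printf("checked accepts    : %d\n",
           range_ok_checked(offset, number_bytes, length));

    /* An in-range request is accepted by both forms. */
    printf("checked, in range  : %d\n", range_ok_checked(16, 1008, length));
    return 0;
}
```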
