Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Oct 2014 21:05:18 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Request cve for imagemagick security problem
 (DOS)

Am Wed, 29 Oct 2014 16:17:09 +0100
schrieb Bastien ROUCARIES <roucaries.bastien@...il.com>:

> Version 6.8.9.9 and more recent are fixed.

This imagemagick release fixes also three issues I detected via
zzuf+asan.

I haven't found the time yet to write proper disclosures yet:
Out-of-bound memory error in resize code is CVE-2014-8354
Out-of-bound memory error in PCX decoder is CVE-2014-8355
Out-of-bound memory error in DCM decode has no CVE yet (if CVE
assigners read this they may assign one).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ