Date: Wed, 29 Oct 2014 21:05:18 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Request cve for imagemagick security problem (DOS) Am Wed, 29 Oct 2014 16:17:09 +0100 schrieb Bastien ROUCARIES <roucaries.bastien@...il.com>: > Version 188.8.131.52 and more recent are fixed. This imagemagick release fixes also three issues I detected via zzuf+asan. I haven't found the time yet to write proper disclosures yet: Out-of-bound memory error in resize code is CVE-2014-8354 Out-of-bound memory error in PCX decoder is CVE-2014-8355 Out-of-bound memory error in DCM decode has no CVE yet (if CVE assigners read this they may assign one). -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ