Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 Jan 2015 13:06:07 -0500
From: Yury German <>
Subject: Re: Imagemagick fuzzing bug

Do we have a CVE assigned to this by chance?

> On Dec 24, 2014, at 6:22 AM, Bastien ROUCARIES <> wrote:
> Hi,
> during the previous month google and Jodie Cunningham.
> have done a security audit of imagemagick and found a lot of security bug:
>  * Avoid a DOS in vision.c due to an infinite loop.
>  * Avoid a SEGV due to a corrupted pnm file.
>  * Do not leak fd due to corrupted file.
>  * Fix a double free in pdb coder.
>  * Fix a SEGV due to corrupted dpc and xwd images.
>  * Fix a SEGV in dpx file handler.
>  * Fix a SEGV in malformed xwd file handler.
>  * Avoid a NULL pointer dereference in ps file handling.
>  * Fix a crash with corrupted viff file.
>  * Fix a NULL pointer dereference in wpg file handling.
>  * Do not continue on corrupted wpg file.
>  * Avoid an out of bound access in viff image.
>  * Avoid a heap buffer overflow in pdb file handling.
>  * Avoid an out of bound acess on malformed sun file.
>  * Avoid heap overflow in palm, pnm and xpm files.
>  * Fix heap overflow in quantum, palm and psd file.
>  * Fix handling of corrupted of psd, sun and xpm file.
>  * Fix corrupted (too many colors) psd file.
>  * Fix an out of bound acess in sun file.
>  * Fix handling of corrupted sun and wpg file.
>  * Fix heap overflow in pcx file, psd, pict and wpf files
>    and DOS in xpm files.
>  * Add additional PNM sanity checks.
>  * Avoid a crash to out of memory in magick/cache.c
>  * Fix a theorical out of bound access in magick/colormap-private.h
>  * Fix an out of bound access in palm file.
>  * Fixed throwing of exceptions in psd handling and fix a memory leak.
>  * Fixed boundary checks in DecodePSDPixels.
>  * Fix another out of bound problem in rle file.
>  * Fix crash due to corrupted dib file.
>  * Added checks to prevent overflow in rle file.
>  * Impose a limit of 10 million columns or rows in an input PNG
>  * Don't try to handle a "previous" image in the JNG decoder.
>  * Avoid a memory leak in quantum management.
>  * Avoid a crash in png coder.
>  * Thread limit should be at least 1 in order to be efficient.
>  * In psd file handling fixed parsing resource block and
>    avoid a crash.
>  * In cache fix usage of object after it has been destroyed.
>  * Avoid a memory leak in rle file handling.
>  * During identification of image do not fill memory
> Patch queue is here:

Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ