Date: Tue, 23 Feb 2016 10:14:13 +1100
From: Brian May <>
To: oss security list <>
Subject: imagemagick: request for CVEs


Debian has been tracking a number of security issues in imagemagick, and
as a Debian-LTS maintainer I have been advised to try to obtain CVEs for
these issues. On investigation, some of these issues have already had CVE
requests; however, as far as I can tell, CVEs were not assigned (apologies
if I missed something), and I am not sure why.

As there are no CVEs allocated, I have used the temp ids given by Debian
for now.

TEMP-0773834-5EB6CF: multiple vulnerabilities found by Google

CVE was already requested here:

TEMP-0806441-76CD60: Integer and Buffer overflow in coders/icon.c

CVE was already requested here:

TEMP-0806441-CB092C: Double free in coders/pict.c:2000

CVE was already requested here:

TEMP-0811308-B63DA1 is multiple issues; each should have its own
CVE. Not sure if the memory leaks or the "PixelColor off by one" are
security issues; have included them here for the sake of being complete:

  - Memory Leaks
    Upstream fix:

  - Out of bounds error in SpliceImage
    Upstream fix:

  - Prevent null pointer access in magick/constitute.c
    Upstream fix:

  - PixelColor off by one on i386
    Upstream fix:

  - Fixed memory leak when reading incorrect PSD files
    Upstream fix:

Brian May <>
