Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Jun 2016 19:18:02 -0500
From: Jodie Cunningham <jodie.cunningham@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Requesting CVE for ImageMagick DoS

On Thu, Feb 26, 2015 at 2:50 PM, Jodie Cunningham
<jodie.cunningham@...il.com> wrote:
> Adding cve-assign to cc
>
> -Jodie
>
> Hi,
>
> I wanted to share four DoS bugs I found via fuzzing with AFL in
> ImageMagick, as the maintainer has since corrected them. I'd like to
> request the appropriate CVE(s) to cover these DoS bugs:
>
> Date, File ID, ShortDescription, Bug report URL:
> 1/24/2015 3c1c3e63 HDR file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
>
> 1/25/2015 d595506c MIFF file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
>
> 1/25/2015 c8ad6aba PDB file DoS, CPU
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
>
> 1/25/2015 783d8806 VICAR file DoS, CPU
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
>
>
> Regards,
> -Jodie Cunningham


While it's a party, are there any identifiers for the above?

Also here are the downstream tickets for them:
VICAR: https://bugzilla.redhat.com/show_bug.cgi?id=1195271
PDB: https://bugzilla.redhat.com/show_bug.cgi?id=1195269
MIFF: https://bugzilla.redhat.com/show_bug.cgi?id=1195265
HDR: https://bugzilla.redhat.com/show_bug.cgi?id=1195260


Regards,
-Jodie

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ