Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon,  6 Jun 2016 00:24:29 -0400 (EDT)
From: cve-assign@...re.org
To: jodie.cunningham@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Requesting CVE for ImageMagick DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> 1/24/2015 3c1c3e63 HDR file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195260
>  http://trac.imagemagick.org/changeset/17845
>  http://trac.imagemagick.org/changeset/17846

Use CVE-2015-8900.

There are currently no DNS records for trac.imagemagick.org. It
appears that some or all of the code changes may be on GitHub,
although we have not confirmed that. For example, this HDR issue might
be
https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6


> 1/25/2015 d595506c MIFF file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195265
>  http://trac.imagemagick.org/changeset/17854

Use CVE-2015-8901.


> 1/25/2015 c8ad6aba PDB file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195269
>  http://trac.imagemagick.org/changeset/17855

Use CVE-2015-8902.


> 1/25/2015 783d8806 VICAR file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195271
>  http://trac.imagemagick.org/changeset/17856

Use CVE-2015-8903.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXVPqDAAoJEHb/MwWLVhi2YnoP/j/OsaE0UGCCqQ9+i6ryS7Ye
i4PWl9Wj+LR843eJDfjT5oi2HwZVFoVP0rOCKqN0P6gj1Qhm1LeaQduY7hBkroXT
zzNA0VombvKRRBwB4+3Bj9RDe74QNos8OoNz6SRJJyu2C/l7qyar6chyE71WxFn9
wOGKk/Hi530cWJ1Cj3ft42nMbdG6eGQmtnmg+/h6Afd9FjD4YSYq/llUD20gVass
oK4nXEUx3CsxiX8YOlbtkuTCIxuKhqb1xSqU0YyNUhTIRMBsywdcxpAplyO0iK43
27s40ay8fSVV0xLg1GOwZ0t+/Ouwbu0iArXfxuzQOcSBaKcguz5NhzONE5vKT0Y5
JpWlc1EvoLzdp0oDawJnfLr4TmTsA90DXgqM9TJXNReUyVB0HJkBFSn2t27HCeUf
Gyvrq7oTkyWJhpJFOLTM+LmkDsXIaw6SlzUn6GSTwsDdEGJ5+C7W4byTkkpGFu9Y
wo0JKrtwMNZQm1pjsV7w+AihnDhdwTyTNdTYrqqTXuPk4luD2T+kyTbB5Z+mba87
chVHoptvOXG96X17EKLjfGjguqjziDE0ddDwbhxI4Z1FD347bXsui4NO2QBHiZ5X
UW8XbWIou2L5MOhxM5M8SIfkEzfROhYstes3C1UC/RIL3SpFCceKqZCl3n/DdIob
kTjGO9x5OCa+DWyPMhnx
=Wtlv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ