Date: Sat, 1 Oct 2016 10:43:18 -0500 (CDT) From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> To: oss-security@...ts.openwall.com Subject: GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow Today we received a report from Marco Grassi about a heap overflow in the 8BIM reader. 8BIM is a metadata chunk often attached to JPEG files. After investigation it was found that there was a small unsigned overflow leading to a huge size value, which then resulted in a heap overflow (causing a crash). We believe that this issue exists in all GraphicsMagick releases to date (including 1.3.25). The fix to this may be found in GraphicsMagick Mercurial at "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/". Bob -- Bob Friesenhahn bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ