Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Oct 2016 01:28:09 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
> 
> AddressSanitizer failed to allocate 0x99ad49000 bytes of LargeMmapAllocator
> 
> #9 0x7fe5713b3b3b in AcquireMagickMemory ... ImageMagick-7.0.3-0/MagickCore/memory.c:460:10
> 
> https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc

>> coders/rle.c

Use CVE-2016-8862.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYCFVwAAoJEHb/MwWLVhi2mAsP/1YzJifP793z4w614RoTUA7b
jUkA+sQqO1K9QCLbLxu2WQim5i/NUQoA6PndyleVK/xUfBLoluPpgIc+goGJI8GX
IPIas9M30+donfLhxuwvK68rrxxk6F1ISvsSs7ib8vtcb6jPrIuwH1FJurnAwHas
XSEDMSnwO+kad7wKmshC+GnMwyEi5uj2lXjQxxFF0WiwCJB8Stso8ryPSEGFk6cX
3zzPDMlg7q1A76uAU002yKzkHwB6QeYG6QzrewBv0fDNyQ3VgLNQDPw7FTz8yFF2
5A1YfXb5kTodLjzO3ICg/bBGOBctuBueeIay9wNzBIjeXPIHn6cAJkqdHY3UiMSO
ZUXKwqOwbuvnV9HRVaMjraAzY/wGndn6h8lDqfYWs03AdnaL882+iNuDXh5vTX/u
iBT+YQKnx8SGykWOscRAW296WCgJ+xNTU+mEuk/SzjFzxNKRsyeTdcRiJOPzdPHx
5yxxeOdQd4FSYOUL+V29PuLcBivoNI8ZJ+qgsxornsBB/iw+dp9dRQ/i4jGBnamr
IDW0VSjSl09nO1cNKgnOFvcTGZFblWd2b/2FQPbDMrMUnMa4mKq+PkuDC+FAOh90
y5OliXNX9mYrmVUtg1SYxJzaQzbs+eumSOK473tyF3sncYldCyZqS3G1ye8F7+4X
zIVVHtg4Fh4pITfRPJlH
=4WTn
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ