Date: Mon, 22 May 2017 20:41:19 +0200
From: Thomas Deutschmann <whissi@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder

Hi,

let me take the opportunity to jump into this.

Bob, do you have any PoC you can share with the ImageMagick project
regarding CVE-2017-6335?

Your fix was
https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/

I asked the ImageMagick project about that issue but they don't know without
a PoC, see https://github.com/ImageMagick/ImageMagick/issues/391

Thanks!


-- 
Regards,
Thomas Deutschmann / Gentoo Security Team
C4DD 695F A713 8F24 2AA1  5638 5849 7EE5 1D5D 74A5


