Date: Mon, 22 May 2017 20:41:19 +0200 From: Thomas Deutschmann <whissi@...too.org> To: oss-security@...ts.openwall.com Subject: Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Hi, let me take the opportunity to jump into this. Bob, do you have any PoC you can share with ImageMagick project regarding CVE-2017-6335? Your fix was https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/ I asked ImageMagick project about that issue but they don't know without a PoC, see https://github.com/ImageMagick/ImageMagick/issues/391 Thanks! -- Regards, Thomas Deutschmann / Gentoo Security Team C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 Download attachment "signature.asc" of type "application/pgp-signature" (952 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ