Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 17 Jul 2017 06:34:56 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: ImageMagick: CVE-2017-11352: Improper EOF handling in coders/rle.c
 can trigger crash (Incomplete fix for CVE-2017-9144)

Hi

In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a
crash because of incorrect EOF handling in coders/rle.c. This is
caused by an incomplete fix of CVE-2017-9144.

Upstream reference:
https://github.com/ImageMagick/ImageMagick/issues/502

Upstream fix (ImageMagick-7):
https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23

Upstream fix (ImageMagick-6):

https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373

MITRE has assigned CVE-2017-11352 for this issue.

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.