Date: Wed, 29 Oct 2014 21:05:18 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Request cve for imagemagick security problem (DOS) Am Wed, 29 Oct 2014 16:17:09 +0100 schrieb Bastien ROUCARIES <roucaries.bastien@...il.com>: > Version 18.104.22.168 and more recent are fixed. This imagemagick release fixes also three issues I detected via zzuf+asan. I haven't found the time yet to write proper disclosures yet: Out-of-bound memory error in resize code is CVE-2014-8354 Out-of-bound memory error in PCX decoder is CVE-2014-8355 Out-of-bound memory error in DCM decode has no CVE yet (if CVE assigners read this they may assign one). -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.