Date: Fri, 7 Nov 2014 20:59:37 +0100 From: Bastien ROUCARIES <roucaries.bastien@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Asking for CVE for imagemagick On Fri, Nov 7, 2014 at 8:41 PM, Bastien ROUCARIES <roucaries.bastien@...il.com> wrote: > Hi, > > I am asking for two CVE for imagemagick (two DOS): > - Converting some specially crafted jpeg could lead to a dos (see > http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456) > - Converting some dcm file could lead to crash then DOS: > Fix last value in dicom_info and added missing != NULL check. > > Fix a buffer overflow in dcm reader by checking the dcm file. > This problem was discovered by fuzzing some dcm file. Sorry the DCM problem was CVE-2014-8562 ImageMagick: out-of-bounds memory error in DCM decode The jpeg one is new. Bastien > Thanks > > Bastien
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.