Date: Tue, 23 Feb 2016 10:14:13 +1100
From: Brian May <>
To: oss security list <>
Subject: imagemagick: request for CVEs


Debian has been tracking a number of security issues in imagemagick, and
as a Debian-LTS maintainer I have been advised to try to obtain CVEs for
these issues. On investigation, some of these issues have already had CVE
requests; however, as far as I can tell, CVEs were not assigned (apologies
if I missed something), and I am not sure why.

As there are no CVEs allocated, I have used the temp ids given by Debian
for now.

TEMP-0773834-5EB6CF: multiple vulnerabilities found by Google

CVE was already requested here:

TEMP-0806441-76CD60: Integer and Buffer overflow in coders/icon.c

CVE was already requested here:

TEMP-0806441-CB092C: Double free in coders/pict.c:2000

CVE was already requested here:

TEMP-0811308-B63DA1 is multiple issues; each should have its own
CVE. Not sure if the memory leaks or the "PixelColor off by one" are
security issues, have included them here for sake of being complete:

  - Memory Leaks
    Upstream fix:

  - Out of bounds error in SpliceImage
    Upstream fix:

  - Prevent null pointer access in magick/constitute.c
    Upstream fix:

  - PixelColor off by one on i386
    Upstream fix:

  - Fixed memory leak when reading incorrect PSD files
    Upstream fix:

Brian May <>
