Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 15 Oct 2016 22:45:35 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/

> AddressSanitizer: heap-buffer-overflow ... READ of size 10
> ImageMagick-7.0.3-0/./MagickCore/pixel-accessor.h:557:24 in IsPixelMonochrome

Use CVE-2016-8678.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYAudMAAoJEHb/MwWLVhi2q1AQAIBi/od3vsXpt53PUspCr8sZ
IwEVpM7XL9/Ee7rH4GJTI7dJp/FOf+obiVIASLMIIvpC7Kgy8omoBDIZ2s8mmCkv
jMM4MUSs2QUZFjoR26uYW9L+IiwQyD4bBMlMUOFuKUoHbOYpVb7QQABft5NV8H81
RB6ZmbSzDmLwVRIQOLV27L4EZx+kUJb72mbs9VfMIFO5hwF5UX1mCUqp6jQ25UP4
/zlYPPcUsTTcAjRiai+zSxSIKKySfzuEJF4XiHdETPNFguMDquH505OBg8zenpjZ
djYjpnI2cVxFe/yWVpa7d+oTEya7jscuV8PlqquOtLfmfOCYGTI8V7js0Zd3yx8/
/4lhcaMyULhILvho2191mh7CD4SkgL8XNq94DrlQ8IhcZflzCdUOU0lQCn6RRdfg
GqfZ82obAIdg/DJSrMO5QOt5DYyAYNpPS1AFAOpH2UgIfhEcHaAbv3wkudG7vnK2
3Jlj4vUmAxcfWHHSKgpYVh0ffrBHegDypLV5wwHlg/XIVEfEwQ6EjFePMqFHO2AJ
atXRM85uh93WWok09ay+oW84JHzX5F9jDTrTM+92XG62KrRWRCjQviMAZKbx5+yB
kvcH0IWZ0aHRs0BOJ5nuhk8h1VocdzSZwe3nJw1aOJ+UCpzPQqHu60PxqMbrLyyb
3r1w88ZsRdwdsxJ8fch0
=Im8q
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.