Date: Mon, 17 Jul 2017 06:34:56 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: ImageMagick: CVE-2017-11352: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) Hi In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. This is caused by an incomplete fix of CVE-2017-9144. Upstream reference: https://github.com/ImageMagick/ImageMagick/issues/502 Upstream fix (ImageMagick-7): https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23 Upstream fix (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373 MITRE has assigned CVE-2017-11352 for this issue. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.