|
Message-ID: <20141029210518.26fc9808@pc>
Date: Wed, 29 Oct 2014 21:05:18 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Request cve for imagemagick security problem
(DOS)
Am Wed, 29 Oct 2014 16:17:09 +0100
schrieb Bastien ROUCARIES <roucaries.bastien@...il.com>:
> Version 6.8.9.9 and more recent are fixed.
This imagemagick release fixes also three issues I detected via
zzuf+asan.
I haven't found the time yet to write proper disclosures yet:
Out-of-bound memory error in resize code is CVE-2014-8354
Out-of-bound memory error in PCX decoder is CVE-2014-8355
Out-of-bound memory error in DCM decode has no CVE yet (if CVE
assigners read this they may assign one).
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.