oss-sec mailing list archives
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability"
From: Murray McAllister <mmcallis () redhat com>
Date: Thu, 13 Feb 2014 15:28:24 +1100
On 02/13/2014 03:11 AM, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1that's still 4 bytes too manyUse CVE-2014-1947.
Thanks to everyone who explained this to me off-list.Peter Hutterer of Red Hat has added some information about all of this to https://bugzilla.redhat.com/show_bug.cgi?id=1064098#c4
To summarize, what I posted here originally is http://trac.imagemagick.org/changeset/13736 and has been assigned CVE-2014-1947
The Secunia advisory (http://secunia.com/advisories/56844/) is referring to this commit:
http://trac.imagemagick.org/changeset/14801 Which as far as I know does not have a CVE yet. Cheers, -- Murray McAllister / Red Hat Security Response Team
Current thread:
- information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 11)
- Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 12)
- Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 12)
- Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 13)
- Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 13)
- Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 12)