oss-sec mailing list archives

Re: Asking for CVE for imagemagick


From: Bastien ROUCARIES <roucaries.bastien () gmail com>
Date: Fri, 7 Nov 2014 20:59:37 +0100

On Fri, Nov 7, 2014 at 8:41 PM, Bastien ROUCARIES
<roucaries.bastien () gmail com> wrote:
> Hi,
>
> I am asking for two CVEs for imagemagick (two DoS):
> - Converting some specially crafted jpeg could lead to a DoS (see
> http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456)
> - Converting some dcm file could lead to crash then DoS:
> Fix last value in dicom_info and added missing != NULL check.
>
> Fix a buffer overflow in dcm reader by checking the dcm file.
> This problem was discovered by fuzzing some dcm file.

Sorry, the DCM problem was CVE-2014-8562 ImageMagick: out-of-bounds
memory error in DCM decode

The jpeg one is new.

Bastien

> Thanks
>
> Bastien

