oss-sec mailing list archives
Re: Asking for CVE for imagemagick
From: Bastien ROUCARIES <roucaries.bastien () gmail com>
Date: Fri, 7 Nov 2014 20:59:37 +0100
On Fri, Nov 7, 2014 at 8:41 PM, Bastien ROUCARIES <roucaries.bastien () gmail com> wrote:
Hi, I am asking for two CVE for imagemagick (two DOS): - Converting some specially crafted jpeg could lead to a dos (see http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456) - Converting some dcm file could lead to crash then DOS: Fix last value in dicom_info and added missing != NULL check. Fix a buffer overflow in dcm reader by checking the dcm file. This problem was discovered by fuzzing some dcm file.
Sorry the DCM problem was CVE-2014-8562 ImageMagick: out-of-bounds memory error in DCM decode The jpeg one is new. Bastien
Thanks Bastien
Current thread:
- Asking for CVE for imagemagick Bastien ROUCARIES (Nov 07)
- Re: Asking for CVE for imagemagick Bastien ROUCARIES (Nov 07)
- Re: Asking for CVE for imagemagick cve-assign (Nov 11)