oss-sec mailing list archives
ImageMagick : CVE-2017-14989 : heap use-after-free in RenderFreetype
From: "NOIRFATE" <noirfate () vip qq com>
Date: Mon, 9 Oct 2017 15:58:30 +0800
Description: The RenderFreetype function in MagickCore/annotate.c in ImageMagick allows attackers to cause a denial of service via a crafted font file. Affected version: ImageMagick 7.0.7-3 (maybe previous versions are affected as well) Fixed version: ImageMagick 7.0.7-7 Commit fix: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628 Details: https://github.com/ImageMagick/ImageMagick/issues/781 Credit: This bug was discovered by Yihan Lian of GearTeam at Qihoo360 CVE: CVE-2017-14989
Current thread:
- ImageMagick : CVE-2017-14989 : heap use-after-free in RenderFreetype NOIRFATE (Oct 09)