oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

New vulnerabilty in imagemagick

From: Bastien ROUCARIES <roucaries.bastien () gmail com>
Date: Sun, 7 Apr 2013 14:57:21 +0200
Hi,

Imagemagick url coder is affected by a NULL deference trigerrable by user

It only occurs when you use a URL as an image filename and you can't
write to the temporary directory which is typically /tmp or whereever
MAGICK_TMPDIR env variable points.

As the debian mainteners I believe this is a security (minor) bug that
could lead to local dos at least.

Upstream bug is here
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23117

Could you please open a candidate CVE number ?

Patch here fix the bug.

Attachment: 0001-git-svn-id-https-www.imagemagick.org-subversion-Imag.patch
Description:

Previous By Date Next
Previous By Thread Next

Current thread: