oss-sec mailing list archives

Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability"

From: Murray McAllister <mmcallis () redhat com>
Date: Thu, 13 Feb 2014 15:28:24 +1100

On 02/13/2014 03:11 AM, cve-assign () mitre org wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

that's still 4 bytes too many


Use CVE-2014-1947.


Thanks to everyone who explained this to me off-list.

Peter Hutterer of Red Hat has added some information about all of thisto https://bugzilla.redhat.com/show_bug.cgi?id=1064098#c4

To summarize, what I posted here originally ishttp://trac.imagemagick.org/changeset/13736 and has been assignedCVE-2014-1947

The Secunia advisory (http://secunia.com/advisories/56844/) is referringto this commit:


http://trac.imagemagick.org/changeset/14801

Which as far as I know does not have a CVE yet.

Cheers,

--
Murray McAllister / Red Hat Security Response Team

Current thread:

information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 11)
- Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 12)
  - Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 12)
- Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 13)
  - Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 13)
    - Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 13)
    - Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 19)