oss-sec mailing list archives
Re: Requesting CVE for ImageMagick DoS
From: Jodie Cunningham <jodie.cunningham () gmail com>
Date: Sun, 5 Jun 2016 19:18:02 -0500
On Thu, Feb 26, 2015 at 2:50 PM, Jodie Cunningham <jodie.cunningham () gmail com> wrote:
Adding cve-assign to cc -Jodie Hi, I wanted to share four DoS bugs I found via fuzzing with AFL in ImageMagick, as the maintainer has since corrected them. I'd like to request the appropriate CVE(s) to cover these DoS bugs: Date, File ID, ShortDescription, Bug report URL: 1/24/2015 3c1c3e63 HDR file DoS, CPU http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929 1/25/2015 d595506c MIFF file DoS, CPU http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931 1/25/2015 c8ad6aba PDB file DoS, CPU http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932 1/25/2015 783d8806 VICAR file DoS, CPU http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933 Regards, -Jodie Cunningham
While it's a party, are there any identifiers for the above? Also here are the downstream tickets for them: VICAR: https://bugzilla.redhat.com/show_bug.cgi?id=1195271 PDB: https://bugzilla.redhat.com/show_bug.cgi?id=1195269 MIFF: https://bugzilla.redhat.com/show_bug.cgi?id=1195265 HDR: https://bugzilla.redhat.com/show_bug.cgi?id=1195260 Regards, -Jodie
Current thread:
- Re: Requesting CVE for ImageMagick DoS Jodie Cunningham (Jun 05)
- Re: Requesting CVE for ImageMagick DoS cve-assign (Jun 05)