oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Requesting CVE for ImageMagick DoS

From: Jodie Cunningham <jodie.cunningham () gmail com>
Date: Sun, 5 Jun 2016 19:18:02 -0500
On Thu, Feb 26, 2015 at 2:50 PM, Jodie Cunningham
<jodie.cunningham () gmail com> wrote:

Adding cve-assign to cc

-Jodie

Hi,

I wanted to share four DoS bugs I found via fuzzing with AFL in
ImageMagick, as the maintainer has since corrected them. I'd like to
request the appropriate CVE(s) to cover these DoS bugs:

Date, File ID, ShortDescription, Bug report URL:
1/24/2015 3c1c3e63 HDR file DoS, CPU
 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929

1/25/2015 d595506c MIFF file DoS, CPU
 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931

1/25/2015 c8ad6aba PDB file DoS, CPU
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932

1/25/2015 783d8806 VICAR file DoS, CPU
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933


Regards,
-Jodie Cunningham



While it's a party, are there any identifiers for the above?

Also here are the downstream tickets for them:
VICAR: https://bugzilla.redhat.com/show_bug.cgi?id=1195271
PDB: https://bugzilla.redhat.com/show_bug.cgi?id=1195269
MIFF: https://bugzilla.redhat.com/show_bug.cgi?id=1195265
HDR: https://bugzilla.redhat.com/show_bug.cgi?id=1195260


Regards,
-Jodie
Previous By Date Next
Previous By Thread Next

Current thread: