oss-sec mailing list archives

Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder


From: Solar Designer <solar () openwall com>
Date: Tue, 23 May 2017 09:10:46 +0200

On Mon, May 22, 2017 at 05:58:31PM -0500, Bob Friesenhahn wrote:
> On Mon, 22 May 2017, Thomas Deutschmann wrote:
> > Bob, do you have any PoC you can share with ImageMagick project
> > regarding CVE-2017-6335?
> >
> > Your fix was
> > https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
> >
> > I asked ImageMagick project about that issue but they don't know without
> > a PoC, see https://github.com/ImageMagick/ImageMagick/issues/391
>
> I have attached the problematic TIFF file.  I don't know if binary
> attachments are accepted by this list.

Small binary attachments (total message size of up to 200 KB including
overhead) are accepted, but unfortunately image/tiff was on the
mimeremove list, so your attachment didn't get through.  I've just
removed image/tiff from mimeremove.  Please resend (if small enough).

As to why have mimeremove at all: many people use MUAs or/and have
signatures that always attach needless files (e.g., a text/html portion
linking to a company logo, which is also included).  But I guess use of
image/tiff for those is very unusual, so there was no good reason to
have this MIME type removed.

The current mimeremove is:

application/ms-tnef
text/html
text/x-vcard
image/gif
image/jpeg
image/png

Alexander

