oss-sec mailing list archives

ImageMagick : CVE-2017-14989 : heap use-after-free in RenderFreetype


From: "NOIRFATE" <noirfate () vip qq com>
Date: Mon, 9 Oct 2017 15:58:30 +0800

Description:
The RenderFreetype function in MagickCore/annotate.c in ImageMagick allows attackers to cause a denial of service via a crafted font file.

Affected version:
ImageMagick 7.0.7-3 (maybe previous versions are affected as well)

Fixed version:
ImageMagick 7.0.7-7

Commit fix:
https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628

Details:
https://github.com/ImageMagick/ImageMagick/issues/781

Credit:
This bug was discovered by Yihan Lian of GearTeam at Qihoo360

CVE:
CVE-2017-14989
