libfpx cve fixes

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
nros
Posts: 7
Joined: 2015-12-26T08:14:32-07:00
Authentication code: 1151
Location: Sweden

libfpx cve fixes

Post by nros » 2017-10-06T07:20:23-07:00

I have made some patches for libfpx that fixes CVE-2017-12921 and CVE-2017-12925 and possibly CVE-2017-12920.
The patches are available at http://cvsweb.netbsd.org/bsdweb.cgi/pkg ... h_tag=MAIN

I have tested the patches against Agustinos payloads for these CVEs and they don't crash.

Regards,
Niclas Rosenvik

User avatar
magick
Site Admin
Posts: 10698
Joined: 2003-05-31T11:32:55-07:00

Re: libfpx cve fixes

Post by magick » 2017-10-06T16:30:11-07:00

Niclas, thanks for the patches. We applied them against libfpx and have a libfpx-1.3.9-10 release scheduled by sometime tomorrow.

Post Reply