Potential DOS and a few other bug:

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
broucaries
Posts: 467
Joined: 2008-12-21T11:51:10-07:00

Potential DOS and a few other bug:

Post by broucaries » 2014-10-19T01:44:21-07:00

Hi,

I have a potential regression with security implication. Will send to usual adress. Please create ask for CVE (see https://cve.mitre.org/cve/request_id.html).

I have also a few other bug that I will post as answer here. When you have solved the CVE one and other bug could you made a release ASAP ?

Bastien

[mod note: We split your answers into separate topics, you can find the links below]

viewtopic.php?f=3&t=26400
viewtopic.php?f=3&t=26401
viewtopic.php?f=3&t=26402
viewtopic.php?f=3&t=26403
viewtopic.php?f=3&t=26404

User avatar
magick
Site Admin
Posts: 11076
Joined: 2003-05-31T11:32:55-07:00

Re: Potential DOS and a few other bug:

Post by magick » 2014-10-19T09:03:41-07:00

Here's a fix for the bug you reported:

Code: Select all

513c513
<             (void) DeleteImageProfile(image,next);
---
>             (void) DeleteImageProfile(image,name);
1626c1626
<       (void) ReadProfileByte(&p,&length);
---
>       p++;

broucaries
Posts: 467
Joined: 2008-12-21T11:51:10-07:00

Re: Potential DOS and a few other bug:

Post by broucaries » 2014-10-21T12:45:06-07:00

Thanks do you have a CVE ?

User avatar
magick
Site Admin
Posts: 11076
Joined: 2003-05-31T11:32:55-07:00

Re: Potential DOS and a few other bug:

Post by magick » 2014-10-21T13:24:05-07:00

Looking for a user to volunteer to submit it to CVE. We're very busy this week with ImageMagick development. If no one volunteers, we'll try to find the time, perhaps early next week.

Post Reply