Legacy ImageMagick Discussions Archive

Use https://github.com/ImageMagick/ImageMagick/discussions instead.
https://www.imagemagick.org/discourse-server/

Potential DOS and a few other bug:

https://www.imagemagick.org/discourse-server/viewtopic.php?t=26399

Page 1 of 1

Potential DOS and a few other bug:

Posted: 2014-10-19T01:44:21-07:00
by broucaries
Hi,

I have a potential regression with security implication. Will send to usual adress. Please create ask for CVE (see https://cve.mitre.org/cve/request_id.html).

I have also a few other bug that I will post as answer here. When you have solved the CVE one and other bug could you made a release ASAP ?

Bastien

[mod note: We split your answers into separate topics, you can find the links below]

viewtopic.php?f=3&t=26400
viewtopic.php?f=3&t=26401
viewtopic.php?f=3&t=26402
viewtopic.php?f=3&t=26403
viewtopic.php?f=3&t=26404

Re: Potential DOS and a few other bug:

Posted: 2014-10-19T09:03:41-07:00
by magick
Here's a fix for the bug you reported:

Code: Select all

513c513
<             (void) DeleteImageProfile(image,next);
---
>             (void) DeleteImageProfile(image,name);
1626c1626
<       (void) ReadProfileByte(&p,&length);
---
>       p++;

Re: Potential DOS and a few other bug:

Posted: 2014-10-21T12:45:06-07:00
by broucaries
Thanks do you have a CVE ?

Re: Potential DOS and a few other bug:

Posted: 2014-10-21T13:24:05-07:00
by magick
Looking for a user to volunteer to submit it to CVE. We're very busy this week with ImageMagick development. If no one volunteers, we'll try to find the time, perhaps early next week.
All times are UTC-07:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited