statement about CVE-2016-9773

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
broucaries
Posts: 467
Joined: 2008-12-21T11:51:10-07:00

statement about CVE-2016-9773

Post by broucaries » 2016-12-14T08:24:37-07:00

https://security-tracker.debian.org/tra ... -2016-9773

Does this is a imagemagick 7 only bug ?

Thanks

bastien

User avatar
magick
Site Admin
Posts: 11014
Joined: 2003-05-31T11:32:55-07:00

Re: statement about CVE-2016-9773

Post by magick » 2016-12-14T08:53:11-07:00

Yes, ImageMagick version 7 supports variable pixel channels, version 6 does not. The problem was that the streaming interface allocated 3 channels but the coder might introduce a new channel, e.g. the alpha channel.

Post Reply