Page 1 of 1

statement about CVE-2016-9773

Posted: 2016-12-14T08:24:37-07:00
by broucaries
https://security-tracker.debian.org/tra ... -2016-9773

Does this is a imagemagick 7 only bug ?

Thanks

bastien

Re: statement about CVE-2016-9773

Posted: 2016-12-14T08:53:11-07:00
by magick
Yes, ImageMagick version 7 supports variable pixel channels, version 6 does not. The problem was that the streaming interface allocated 3 channels but the coder might introduce a new channel, e.g. the alpha channel.