libfpx cve fixes

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
nros
Posts: 7
Joined: 2015-12-26T08:14:32-07:00
Authentication code: 1151
Location: Sweden

libfpx cve fixes

Post by nros »

I have made some patches for libfpx that fixes CVE-2017-12921 and CVE-2017-12925 and possibly CVE-2017-12920.
The patches are available at http://cvsweb.netbsd.org/bsdweb.cgi/pkg ... h_tag=MAIN

I have tested the patches against Agustinos payloads for these CVEs and they don't crash.

Regards,
Niclas Rosenvik
User avatar
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: libfpx cve fixes

Post by magick »

Niclas, thanks for the patches. We applied them against libfpx and have a libfpx-1.3.9-10 release scheduled by sometime tomorrow.
Post Reply