Legacy ImageMagick Discussions Archive

Use https://github.com/ImageMagick/ImageMagick/discussions instead.
https://www.imagemagick.org/discourse-server/

libfpx cve fixes

https://www.imagemagick.org/discourse-server/viewtopic.php?t=32809

Page 1 of 1

libfpx cve fixes

Posted: 2017-10-06T07:20:23-07:00
by nros
I have made some patches for libfpx that fixes CVE-2017-12921 and CVE-2017-12925 and possibly CVE-2017-12920.
The patches are available at http://cvsweb.netbsd.org/bsdweb.cgi/pkg ... h_tag=MAIN

I have tested the patches against Agustinos payloads for these CVEs and they don't crash.

Regards,
Niclas Rosenvik

Re: libfpx cve fixes

Posted: 2017-10-06T16:30:11-07:00
by magick
Niclas, thanks for the patches. We applied them against libfpx and have a libfpx-1.3.9-10 release scheduled by sometime tomorrow.
All times are UTC-07:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited