Message-ID: <34405e1f08734a7fb48464fb06a54bc6@imshyb02.MITRE.ORG>
Date: Tue, 22 Nov 2016 19:14:03 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h)

> https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h

> ImageMagick-7.0.3-6/./MagickCore/pixel-accessor.h:507:30
> imagemagick-7.0.3.6/work/ImageMagick-7.0.3-6/MagickCore/attribute.c:677

> AddressSanitizer: heap-buffer-overflow
> READ of size 4

> https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99
> 
> coders/sgi.c

Use CVE-2016-9556 for this buffer over-read.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
