oss-sec mailing list archives
Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)
From: <cve-assign () mitre org>
Date: Fri, 2 Dec 2016 13:07:34 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556
AddressSanitizer: heap-buffer-overflow READ of size 4 #0 0x7f897b123266 in IsPixelGray ImageMagick-7.0.3-8/./MagickCore/pixel-accessor.h:507:30
Use CVE-2016-9773 for the vulnerability present in "an updated version which includes the fix for CVE-2016-9556." - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYQbZTAAoJEHb/MwWLVhi23/0P/jjSc66cYiN9RO+COylm6tXV eTJyErBTaBEPif0I/0OYuYrXP40EIgUGFjCBYuCWpTkMabqw1/aOaSSSIc5fXfAg fuRpgddBCSmSsncTcivJGJw8mfRC7kRb9pxkmxcxRbC9JibW42OzFTo9Yzc0cpuE HENOhxL7n26ZJw3dc+y+tGZUXynLARe/93DFkpw03twLFE8pqSffRdPTSveQb6j/ 6GTuHdLYFmmqTFXVk3TGntbgQmKSFhodi6T5te9pTXdwSl336yAswbL7XSECXJeZ mr2RWFxCP3r9pGFPIfSGuuO4N5dkOOM/x94G5JgqYO+BBxMMdTSqwuLKZYLnmPju xYalu2woeXhb6I9LRiKVw6+kAGJTo3tTnhLk3P1p8gnYug5gcr6k1TP2RAvq8ydj 0S12k2FJDiTFFQob3HCf5fYXDxgLc955pFhA1oE8ojblBG8LMaLAiPNUYUfWaAae VZ5v3awgaAltFCh8VwJfW7NOUWaDnd1eQfTnkYH0Wt0NDHcY5gjnRNyQePQKL9nU WyBACf4E8s/nPcpQJaZvgv0eiv0ncNGt2+ooXFo20BU72xu9xzXDq/HMMu2LIIL7 X5Gh8NtWwRuT0Bsrs61cfL3oFoK91AexniJQQPyfzrSEfT81yi1YtmBkSoVZ8Zvw j9xoQMSMPUgvGv2afIGM =oclT -----END PGP SIGNATURE-----
Current thread:
- imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) Agostino Sarubbo (Dec 01)
- Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) cve-assign (Dec 02)