oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)

From: <cve-assign () mitre org>
Date: Fri, 2 Dec 2016 13:07:34 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556



AddressSanitizer: heap-buffer-overflow
READ of size 4

    #0 0x7f897b123266 in IsPixelGray 
    ImageMagick-7.0.3-8/./MagickCore/pixel-accessor.h:507:30


Use CVE-2016-9773 for the vulnerability present in "an updated version
which includes the fix for CVE-2016-9556."

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYQbZTAAoJEHb/MwWLVhi23/0P/jjSc66cYiN9RO+COylm6tXV
eTJyErBTaBEPif0I/0OYuYrXP40EIgUGFjCBYuCWpTkMabqw1/aOaSSSIc5fXfAg
fuRpgddBCSmSsncTcivJGJw8mfRC7kRb9pxkmxcxRbC9JibW42OzFTo9Yzc0cpuE
HENOhxL7n26ZJw3dc+y+tGZUXynLARe/93DFkpw03twLFE8pqSffRdPTSveQb6j/
6GTuHdLYFmmqTFXVk3TGntbgQmKSFhodi6T5te9pTXdwSl336yAswbL7XSECXJeZ
mr2RWFxCP3r9pGFPIfSGuuO4N5dkOOM/x94G5JgqYO+BBxMMdTSqwuLKZYLnmPju
xYalu2woeXhb6I9LRiKVw6+kAGJTo3tTnhLk3P1p8gnYug5gcr6k1TP2RAvq8ydj
0S12k2FJDiTFFQob3HCf5fYXDxgLc955pFhA1oE8ojblBG8LMaLAiPNUYUfWaAae
VZ5v3awgaAltFCh8VwJfW7NOUWaDnd1eQfTnkYH0Wt0NDHcY5gjnRNyQePQKL9nU
WyBACf4E8s/nPcpQJaZvgv0eiv0ncNGt2+ooXFo20BU72xu9xzXDq/HMMu2LIIL7
X5Gh8NtWwRuT0Bsrs61cfL3oFoK91AexniJQQPyfzrSEfT81yi1YtmBkSoVZ8Zvw
j9xoQMSMPUgvGv2afIGM
=oclT
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: