oss-sec mailing list archives
Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)
From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 02 Dec 2016 19:16:04 +0100
On Friday 02 December 2016 13:07:34 cve-assign () mitre org wrote:
https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-over flow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556 AddressSanitizer: heap-buffer-overflow READ of size 4 #0 0x7f897b123266 in IsPixelGray ImageMagick-7.0.3-8/./MagickCore/pixel-accessor.h:507:30Use CVE-2016-9773 for the vulnerability present in "an updated version which includes the fix for CVE-2016-9556."
The updated version which includes the fix for CVE-2016-9556 is 7.0.3.8 ( as stated under the affected version 'field'. Anyway, upstream added a patch for this issue: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3 -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) Agostino Sarubbo (Dec 01)
- Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) cve-assign (Dec 02)
- Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) Agostino Sarubbo (Dec 02)
- Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556) cve-assign (Dec 02)