[Pkg-gmagick-im-team] Bug#685903: libmagick++5: Fails an assertion due to OpenMP related problem (DoS possible)
Bastien ROUCARIES
roucaries.bastien at gmail.com
Mon Aug 27 09:14:52 UTC 2012
On Sun, Aug 26, 2012 at 4:41 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
> * Willi Mann:
>
>> I'd like to make you aware of this imagemagick (IM) bug, which could
>> be used to conduct a DoS attack against web applications using IM as a
>> library. Note that stable is not affected, the bug only applies to
>> current testing/unstable. However, other distributions shipping newer
>> IM versions in their release versions could also be affected.
>
> I'm not sure if this is a security issue. Is it necessary that the
> image is crafted in a particular way?
>
> Could you please backport this change:
>
> http://trac.imagemagick.org/changeset?reponame=&new=8762%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c&old=8759%40ImageMagick%2Ftrunk%2FMagickCore%2Fcache-view.c
>
> , upload to unstable, and request a freeze exception from the release
> team? Thanks.
Will do today in fact. Notice that problem is larger see
http://trac.imagemagick.org/changeset/8762, we could hit this assert
during resizing
Bastien
More information about the Pkg-gmagick-im-team
mailing list