[Pkg-gmagick-im-team] Bug#559775: [imagemagick][ CVE-2008-3134] News from upstream

Bastien ROUCARIES roucaries.bastien+imagemagick at gmail.com
Fri Jan 1 12:42:19 UTC 2010

About CVE-2008-3134 (bcc Petr because it seems to be in charge of imagemagick 
at suse)

>We had reviewed CVE-2008-3134 when it was first released and determined that 
>the ImageMagick releases at that time did not suffer from the vulnerabilities. 
>Its possible that older versions of ImageMagick (circa 2002) might have the 
>vulnerabilities. DOS vulnerabilities are addressed with the -limit option. 
>Its perfectly valid, for example, to convert a 200000x200000 pixel image but 
>it may be disruptive to a multi-user system. A solution may be to set the 
>disk limit to say 1GB so that any image that exceeds the limit causes 
>ImageMagick to exit. You can set a system wide policy in recent releases of 
>ImageMagick. Just edit policy.xml


We will therefore close thiis bug report, if nobody disagree.



More information about the Pkg-gmagick-im-team mailing list