[Pkg-gmagick-im-team] Bug#692367: [imagemagick][patch][mentors] Three Security leading to DOS
Bastien ROUCARIÈS
bastien.roucaries at u-cergy.fr
Mon Nov 5 12:24:47 UTC 2012
Package: imagemagick
Version: 8:6.7.7.10-4
Severity: serious
Tags: patch security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
Current imagemagick version 8:6.7.7.10-4 is unsuitable for release due to
(under my own analysis) three memory leaks:
* Fix a memory leak: variables used after setjmp need to be volatile.
Fix jpeg and png coder.
* Fix a memory leak: in webp handling add a forgotten WebPPictureFree
* Fix another memory leak in case of corrupted image in magick++ read
method.
According to my own analysis the risk is only a local DoS.
These bugs should nevertheless be fixed before wheezy. I have prepared a package
for stable-security if needed and I could upload in a few minutes to mentors
if needed by security team.
Bastien
--
Dr-Ing Bastien ROUCARIÈS Université de Cergy/SATIE ENS Cachan
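
An added illustration of the first item in the report above (not code from ImageMagick or from the attached patch): a decoder that reports fatal errors through longjmp, with the buffer pointer declared volatile so the error path frees the real allocation. The names read_image, parse_scanlines, tracked_alloc and the "corrupt image" condition are hypothetical and constructed for this sketch.

```c
#include <setjmp.h>
#include <stdlib.h>

static int live_buffers = 0;   /* allocation counter so a leak is observable */

static void *tracked_alloc(size_t n)
{
    void *p = malloc(n);
    if (p) live_buffers++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) { free(p); live_buffers--; }
}

/* Hypothetical stand-in for a decoder library's fatal-error callback path. */
static void parse_scanlines(jmp_buf env, const unsigned char *data, size_t len)
{
    if (len < 2 || data[0] != 0xFF)   /* constructed "corrupt image" condition */
        longjmp(env, 1);
}

/* Returns 0 on success, -1 on corrupt input or allocation failure. */
int read_image(const unsigned char *data, size_t len)
{
    jmp_buf env;
    /* The pointer object itself is volatile. It is modified between setjmp()
       and longjmp(); without the qualifier its value after the jump is
       indeterminate (C11 7.13.2.1), so the error path may see the stale NULL
       kept in a register and skip the free, leaking the buffer. */
    unsigned char *volatile pixels = NULL;

    if (setjmp(env) != 0) {
        tracked_free(pixels);         /* error path: sees the pointer set below */
        return -1;
    }
    pixels = tracked_alloc(64);
    if (pixels == NULL) return -1;
    parse_scanlines(env, data, len);  /* may longjmp back to setjmp above */
    tracked_free(pixels);
    return 0;
}

int live_buffer_count(void) { return live_buffers; }
```

Only the volatile form is shown because the unqualified form has no defined result: whether it leaks depends on the compiler and optimization level.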