[Pkg-gmagick-im-team] Bug#721273: Fwd: [Bug 1218248] Re: DoS: memory corruption while processing GIF comments.

Bastien ROUCARIES roucaries.bastien at gmail.com
Thu Aug 29 19:13:18 UTC 2013


Package: ImageMagick
Control: severity -1 serious
Control: tags -1 + security
Control: tags -1 + patch
Control: tags -1 + fixed-upstream
Control: tags -1 + fixed-in-experimental
Control: tag -1 confirmed
>
> ---------- Forwarded message ----------
> From: "Bastien ROUCARIES" <roucaries.bastien at gmail.com>
> Date: 29 August 2013 21:05
> Subject: Fwd: [Bug 1218248] Re: DoS: memory corruption while processing GIF comments.
> To: <security at debian.org>
> Cc:
>
>> Will take care asap for stable and later old stable testing and unstable.
>>
>> Bastien
>>
>> ---------- Forwarded message ----------
>> From: "Seth Arnold" <1218248 at bugs.launchpad.net>
>> Date: 29 August 2013 20:25
>> Subject: [Bug 1218248] Re: DoS: memory corruption while processing GIF comments.
>> To: <roucaries.bastien+bugs at gmail.com>
>> Cc:
>>
>> ** Information type changed from Private Security to Public Security
>>
>> --
>> You received this bug notification because you are subscribed to
>> imagemagick in Ubuntu.
>> https://bugs.launchpad.net/bugs/1218248
>>
>> Title:
>>   DoS: memory corruption while processing GIF comments.
>>
>> Status in “imagemagick” package in Ubuntu:
>>   New
>>
>> Bug description:
>>   Memory corruption while processing GIF comments. As a result,
>>   malloc's private structures are corrupted and it causes SIGABRT and
>>   the application crashes.
>>
>>   Here is a topic on the imagemagick forum:
>>   http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23921 .
>>   You can easily reproduce the problem with images from this topic.
>>
>>
>>   It was a problem with handling comments. A '\0' symbol was placed after
>>   the allocated memory buffer.
>>   To fix this problem, raw memory handling functions were replaced with
>>   ConcatenateString.
>>   Original code that solves this problem:
>>   http://trac.imagemagick.org/changeset/8770/ImageMagick/trunk/coders/gif.c
>>
>>   Patch that solves problem is attached to this bug report and tested in
>>   Yandex.
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1218248/+subscriptions
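
The bug class described in the report above (a '\0' written just past the allocated comment buffer), shown in corrected form as an added example that is not part of this thread and is not ImageMagick's code. The helper name `read_gif_comment` and the sample bytes are assumptions made for illustration; the sub-block layout (a length byte, that many data bytes, a zero-length block as terminator) is the GIF89a comment extension format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not an ImageMagick function: joins the data sub-blocks
 * of a GIF comment extension into one NUL-terminated string. Returns a
 * malloc'd string, or NULL on truncated input or allocation failure. */
char *read_gif_comment(const uint8_t *p, size_t len, size_t *out_len)
{
    char *comment = calloc(1, 1);          /* "" so an empty comment is valid */
    size_t used = 0, pos = 0;

    if (comment == NULL) return NULL;
    for (;;) {
        if (pos >= len) goto fail;         /* block terminator never arrived */
        size_t count = p[pos++];           /* sub-block size, 0..255 */
        if (count == 0) break;             /* zero-length block ends the comment */
        if (count > len - pos) goto fail;  /* sub-block runs past the input */

        /* Reserve the data bytes plus one byte for the terminator. Sizing the
         * buffer as used + count and then storing '\0' at that index writes
         * one byte past the allocation, the defect the report describes. */
        char *grown = realloc(comment, used + count + 1);
        if (grown == NULL) goto fail;
        comment = grown;
        memcpy(comment + used, p + pos, count);
        used += count;
        pos += count;
        comment[used] = '\0';              /* index used is inside the buffer */
    }
    if (out_len != NULL) *out_len = used;
    return comment;
fail:
    free(comment);
    return NULL;
}

int main(void)
{
    /* Constructed sample: sub-blocks "abc" and "de", then the terminator. */
    const uint8_t sample[] = {3, 'a', 'b', 'c', 2, 'd', 'e', 0};
    size_t n = 0;
    char *s = read_gif_comment(sample, sizeof sample, &n);
    if (s == NULL) return 1;
    printf("%zu bytes: %s\n", n, s);
    free(s);
    return 0;
}
```

Building this with `-fsanitize=address` and feeding it malformed sub-block sequences is a quick way to confirm that no write lands outside the buffer.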