[Pkg-gmagick-im-team] Bug#931449: imagemagick: CVE-2019-13305/CVE-2019-13306

Hugo Lefeuvre hle at debian.org
Fri Aug 9 10:03:05 BST 2019


Hi,

These issues are similar, both fixed by [0]. Upstream claims to have fixed
CVE-2019-13306 via [1] but this is wrong, [1] is reverted by [0].

I took some time to investigate this vulnerability. Unless I am mistaken,
this allows for arbitrary stack buffer overflow up to 10 bytes via pixel
luma values. My exploitation skills are limited, but this could be an
exploitable vulnerability.

I think this should be fixed, at least via point release?

regards,
Hugo

[0] https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
[1] https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C