[Pkg-gmagick-im-team] Bug#942578: imagemagick: CVE-2019-17540: heap-based buffer overflow in ReadPSInfo in coders/ps.c

Hugo Lefeuvre hle at debian.org
Fri Oct 18 13:31:15 BST 2019

Source: imagemagick
Version: 8:
Severity: important


imagemagick is affected by CVE-2019-17540, a heap-based buffer overflow in
ReadPSInfo in coders/ps.c.

There are very few information online regarding this vulnerability. I had a
look and found the following four commits:


this looks like what we are searching for; a buffer overflow WRITE of size
1 in ReadPSInfo. I will contact Dirk Lemstra and ask for more information.


[0] https://security-tracker.debian.org/tracker/CVE-2019-17540

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gmagick-im-team/attachments/20191018/fc9acc41/attachment.sig>

More information about the Pkg-gmagick-im-team mailing list