
Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564

Brian May <bam@debian.org> writes:

> DrawDashPolygon had the following change:
> - for (i=1; (i < number_vertices) && (length >= 0.0); i++)
> + for (i=1; (i < (ssize_t) number_vertices) && (length >= 0.0); i++)
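
Review bot: The added `(ssize_t)` cast on `number_vertices` in the loop condition only changes the comparison if `i` is a signed type, and the declaration of `i` is not part of the hunk. If `i` is `size_t`, the usual arithmetic conversions convert the cast operand back to unsigned and the condition is the same as before. If `i` is `ssize_t`, the comparison becomes signed, and a `number_vertices` above the `ssize_t` maximum would typically turn negative, so the loop body would never run. Suggest confirming the declared type of `i` in the version being patched and stating in the patch description which behaviour is intended.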

Actually just noticed this change is a NOP. Both i and number_vertices
are of type size_t.

> Alternatively, DrawDashPolygon uses DrawStrokePolygon a lot, which in
> turn uses TraceStrokePolygon, which gets on to the next CVE:
> Am inclined to:
> 1. Patch TraceStrokePolygon.
> 2. Mark CVE-2016-4563 as fixed in wheezy (but this does not mean it is
> fixed in Jessie or above - probably need to check the Jessie version first).
> 3. Mark CVE-2016-4562 as not vulnerable.

I will leave CVE-2016-4562 as vulnerable. It is possible that the fixes
to TraceStrokePolygon fixed this as well as CVE-2016-4563, but we can't
tell that for certain.

> 4. Leave CVE-2016-4564 as vulnerable.

Brian May <bam@debian.org>
