Re: CVE-2017-14103 / graphicsmagick
Brian May <firstname.lastname@example.org> writes:
> Test version now includes fixes for more CVEs. I did not patch
> CVE-2017-14733, because I couldn't find the code that the patch applies
Ok, understand CVE-2017-14733.
Images can declare ncolor channels==1 (greyscale only) or ==2 (makes no
Trouble is, when alpha channel present and we are processing this, we
assume we have at least 3 bytes per pixel: RGB, which just isn't going
At least that is my understanding reading the code.
Will make fix for this also.
Brian May <email@example.com>