Hi,

These issues are similar, both fixed by [0].

Upstream claims to have fixed CVE-2019-13306 via [1] but this is wrong, [1] is reverted by [0].

I took some time to investigate this vulnerability. Unless I am mistaken, this allows for arbitrary stack buffer overflow up to 10 bytes via pixel luma values. My exploitation skills are limited, but this could be an exploitable vulnerability.

I think this should be fixed, at least via point release?

regards,
Hugo

[0] https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
[1] https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa

-- 
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C