Re: imagemagick: CVE-2019-13305/CVE-2019-13306


These issues are similar, both fixed by [0]. Upstream claims to have fixed
CVE-2019-13306 via [1], but this is wrong: [1] is reverted by [0].

I took some time to investigate this vulnerability. Unless I am mistaken,
this allows for an arbitrary stack buffer overflow of up to 10 bytes via pixel
luma values. My exploitation skills are limited, but this could be an
exploitable vulnerability.

I think this should be fixed, at least via a point release?


[0] https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
[1] https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
