[prev in list] [next in list] [prev in thread] [next in thread]
List: imagemagick-user
Subject: [magick-users] ImageMagick 6.3.5-9, important security updates
From: arcanaimperii () imagemagick ! org
Date: 2007-09-17 17:35:24
Message-ID: 200709171735.l8HHZOIh022538 () studio ! imagemagick ! org
[Download RAW message or body]
iDefense is planning to announce a number of security issues with
ImageMagick in releases prior to 6.3.5-9. All known security issues
are resolved with the recent release of 6.3.5-9. The issues are
predominately data driven integer overflow that potentially cause less
memory to be allocated than required. We have addressed this security
flaw by introducing the AcquireQuantumMemory() method that accepts a
element count and size. If `count' times `size' overflow (i.e. result
greater than 4GB), we return an error. Note that there are no known
exploits for these issues but you might want to consider upgrading if
you can or to apply patches against any older versions of ImageMagick
you might be using.
_______________________________________________
Magick-users mailing list
Magick-users@imagemagick.org
http://studio.imagemagick.org/mailman/listinfo/magick-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic