iDefense is planning to announce a number of security issues with ImageMagick in releases prior to 6.3.5-9. All known security issues are resolved with the recent release of 6.3.5-9. The issues are predominantly data-driven integer overflows that potentially cause less memory to be allocated than required. We have addressed this security flaw by introducing the AcquireQuantumMemory() method, which accepts an element count and size. If `count' times `size' overflows (i.e. the result is greater than 4GB), we return an error. Note that there are no known exploits for these issues, but you might want to consider upgrading if you can, or applying patches against any older versions of ImageMagick you might be using.
_______________________________________________
Magick-announce mailing list
Magick-announce imagemagick.org
http://studio.imagemagick.org/mailman/listinfo/magick-announce
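The count-times-size check described in the announcement, as an added example that is not ImageMagick's code: it models a 32-bit size with `uint32_t` so the 4GB wrap is reproducible on any host. The function names and the header values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define LIMIT_4GB UINT32_MAX   /* largest size a 32-bit size_t can hold */

/* Unchecked pattern: the product is truncated to 32 bits, as on a 32-bit host. */
uint32_t unchecked_bytes(uint32_t count, uint32_t size)
{
    return count * size;       /* silently wraps modulo 2^32 */
}

/* Checked pattern: refuse any count*size that does not fit in 32 bits.
   Returns 1 and stores the product on success, 0 on overflow. */
int checked_bytes(uint32_t count, uint32_t size, uint32_t *out)
{
    if (size != 0 && count > LIMIT_4GB / size)
        return 0;
    *out = count * size;
    return 1;
}

/* Hypothetical allocator wrapper built on the check
   (an assumption for illustration, not AcquireQuantumMemory itself). */
void *alloc_elements(uint32_t count, uint32_t size)
{
    uint32_t bytes;
    if (count == 0 || size == 0 || !checked_bytes(count, size, &bytes))
        return NULL;           /* caller must treat this as a decode error */
    return malloc(bytes);
}

int main(void)
{
    /* Constructed header values: pixel count and bytes per pixel read from a file. */
    uint32_t pixels = 0x40000001u, bpp = 4;
    void *p;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_bytes(pixels, bpp));
    p = alloc_elements(pixels, bpp);
    printf("oversized request: %s\n", p ? "allocated" : "rejected");
    free(p);
    p = alloc_elements(640u * 480u, bpp);
    printf("640x480 request:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked product, the constructed header yields a 4-byte buffer for data that needs just over 4GB, which is the under-allocation the announcement describes.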