Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities

Email lists > ImageMagick Developer List

Thread: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities

Search this list only Search all lists
Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities
	2007-05-18 09:36:12
See http://labs.idefense.com/intelligence/v ulnerabilities/display.php?id=496. ImageMagick 6.3.3-5 and above do not have this vulnerability and most vendors have issued updated ImageMagick releases with this vulnerability fixed for earlier releases of the package (pre 6.3.3). _______________________________________________ Magick-developers mailing list Magick-developersimagemagick.org http://studio.imagemagick.org/mailman/listinfo/m agick-developers

Re: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities
	2007-05-18 10:26:12
On 5/18/07 10:36 AM, omicronpersei8imagemagick.org wrote: > See http://labs.idefense.com/intelligence/v ulnerabilities/display.php?id=496. > ImageMagick 6.3.3-5 and above do not have this vulnerability and most > vendors have issued updated ImageMagick releases with this vulnerability > fixed for earlier releases of the package (pre 6.3.3). I either compile ImageMagick from source or use the pre-built package for OS X that is available on the ImageMagick website. I don't have a vendor that issues updated packages for my OS. Do the ImageMagick developers have a mechanism for announcing security vulnerabilities to people who build the package from source? As best I can tell, in order to receive news about ImageMagick security problems, I have to subscribe to the security announcement list of a Linux distribution I don't even use. Am I missing something? craig _______________________________________________ Magick-developers mailing list Magick-developersimagemagick.org http://studio.imagemagick.org/mailman/listinfo/m agick-developers

Re: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities
	2007-05-18 10:45:46
On 5/18/07, Craig Harman <charmanrcbi.rochester.edu> wrote: > On 5/18/07 10:36 AM, omicronpersei8imagemagick.org wrote: > > See http://labs.idefense.com/intelligence/v ulnerabilities/display.php?id=496. > > ImageMagick 6.3.3-5 and above do not have this vulnerability and most > > vendors have issued updated ImageMagick releases with this vulnerability > > fixed for earlier releases of the package (pre 6.3.3). > > I either compile ImageMagick from source or use the pre-built package > for OS X that is available on the ImageMagick website. I don't have a > vendor that issues updated packages for my OS. Do the ImageMagick Not a direct answer to your question, but if you get ImageMagick though macports then it will be updated for you: http://www.macports.org/ John _______________________________________________ Magick-developers mailing list Magick-developersimagemagick.org http://studio.imagemagick.org/mailman/listinfo/m agick-developers

[1-3]

about | contact Other archives ( Real Estate discussion Medical topics )

Mailing lists