tags 383314 - patch
clone 383314 -1
reassign -1 graphicsmagick
retitle -1 libgraphicsmagick1: Buffer overflow in SGI parser [CVE-2006-4144]
thanks

On Wed, Aug 16, 2006 at 03:51:15PM +0200, Martin Pitt wrote:
> http://www.overflow.pl/adv/imsgiheap.txt reported a buffer overflow in
> the SGI parser (demo exploit linked in the report).
>
> This has been assigned CVE-2006-4144, please mention this number in
> the changelog when you fix this.
>
> Ubuntu patch:
>
> http://people.ubuntu.com/patches/imagemagick.CVE-2006-4144.diff

This patch looks insufficient. It only sanitises user input for the
run-length encoded format, but the overflow as described on the page
linked above is present in the non-RLE case as well.

Regards,
Daniel.