On Tue, 11 Sep 2018 at 03:11, Magnus Bergman <magnus.berg...@snisurset.net> wrote: > On Tue, 11 Sep 2018 00:07:27 +0200 > Bastien Nocera <had...@hadess.net> wrote: > > No, it really isn't: > > https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html > > > > We want to have less CVEs, not more. > > I see what you mean. A few of them (although none of the more serious > ones) were even related to the GIF loader specifically. But the sheer > volume kind of speaks for itself otherwise. :(
IM joined Google's OSS-Fuzz programme last year: https://github.com/google/oss-fuzz The huge surge in CVEs was caused by that --- they've been fixing one or two a day ever since. Once they are through this very painful process, IM ought to be rather safe. I do agree though that it's a large and complex thing to use for such a (relatively) simple task. John _______________________________________________ gtk-devel-list mailing list gtk-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/gtk-devel-list
