Hi!

On Sun, Mar 04, 2007 at 01:40:55PM -0600, [EMAIL PROTECTED] wrote:
> > All these do something nasty on imagemagick 6.3.3
> 
> We have most of these issues fixed in ImageMagick 6.3.3-1 Beta, available
> sometime tomorrow.  As we mentioned, the JP2 issues occur in the JP2
> library so a bug report should be forwarded to them.  We also have a
> request into Glenn, the PNG coder module maintainer, to attend to the
> MNG problems.  Because these are security issues, we will release 6.3.3-1
> within a week or two.

Please try the attached patch for MNG. It's a port of my fix for GM to
IM svn HEAD. From the handful of testcases I've looked at so far, none
have turned out to be grave security problems. (A DoS at most.) They do
show a worrying lack of robustness in the coders, though, but that's not
really news to me, either.

NB: Feel free to grab the rest of my GM patches from
    http://bugs.debian.org/src:graphicsmagick or let me know if you'd
    rather have me mail them to you directly.

Regards,

Daniel.

Index: coders/png.c
===================================================================
--- coders/png.c        (revision 6338)
+++ coders/png.c        (working copy)
@@ -4737,6 +4737,8 @@
             continue;
           }
 #ifdef MNG_INSERT_LAYERS
+        if (length < 8)
+          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
         image_width=(unsigned  long) mng_get_long(p);
         image_height=(unsigned  long) mng_get_long(&p[4]);
 #endif
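Review bot: The early exit added at the top of the MNG_INSERT_LAYERS block throws via ThrowReaderException with no cleanup visible in this hunk; if the buffer that p points into was heap-allocated earlier in the chunk loop (not shown here), it should be released before the throw, otherwise every truncated chunk leaks it. The bound itself matches the two reads that follow, mng_get_long(p) and mng_get_long(&p[4]), which consume bytes 0 through 7, so a short comment saying that 8 is the size of the width and height fields would keep the constant from looking arbitrary. Since the check sits inside the #ifdef, it also only protects these two reads; any later use of p in the same chunk handler that assumes a minimum length needs its own check.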
