On Tue, 11 Sep 2018 at 03:11, Magnus Bergman
<magnus.berg...@snisurset.net> wrote:
> On Tue, 11 Sep 2018 00:07:27 +0200
> Bastien Nocera <had...@hadess.net> wrote:
> > No, it really isn't:
> > https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
> >
> > We want to have less CVEs, not more.
> I see what you mean. A few of them (although none of the more serious
> ones) were even related to the GIF loader specifically. But the sheer
> volume kind of speaks for itself otherwise. :(

IM joined Google's OSS-Fuzz programme last year:


The huge surge in CVEs was caused by that --- they've been fixing one
or two a day ever since. Once they are through this very painful
process, IM ought to be rather safe.

I do agree though that it's a large and complex thing to use for such
a (relatively) simple task.

gtk-devel-list mailing list

Reply via email to