iDefense is planning to announce a number of security issues with
ImageMagick in releases prior to 6.3.5-9.  All known security issues
are resolved with the recent release of 6.3.5-9.  The issues are
predominantly data-driven integer overflows that potentially cause less
memory to be allocated than required.  We have addressed this security
flaw by introducing the AcquireQuantumMemory() method that accepts an
element count and size.  If `count' times `size' overflows (i.e. the
result is greater than 4GB), we return an error.  Note that there are no
known exploits for these issues but you might want to consider upgrading
if you can, or applying patches against any older versions of
ImageMagick you might be using.
_______________________________________________
Magick-developers mailing list
Magick-developers@imagemagick.org
http://studio.imagemagick.org/mailman/listinfo/magick-developers
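
The count-times-size check described in the announcement, shown as an added example that is not part of the original message and is not ImageMagick's own code. The function names and the sample values are hypothetical; the 32-bit helpers model a platform where the size computation wraps at 4GB.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation as a 32-bit size_t would perform it: the
   product is reduced modulo 2^32, so a large count yields a tiny size. */
uint32_t unchecked_bytes32(uint32_t count, uint32_t size)
{
    return (uint32_t)((uint64_t)count * size);
}

/* Checked form: returns 1 and stores the byte count, or 0 on overflow. */
int checked_bytes32(uint32_t count, uint32_t size, uint32_t *bytes)
{
    if (size != 0 && count > UINT32_MAX / size)
        return 0;               /* count * size would exceed 4GB */
    *bytes = count * size;
    return 1;
}

/* Hypothetical count/size allocator for the native size_t: the division
   test rejects the request before any multiplication can wrap. */
void *acquire_array(size_t count, size_t size)
{
    if (count == 0 || size == 0)
        return NULL;
    if (count > SIZE_MAX / size)
        return NULL;            /* error instead of a short buffer */
    return malloc(count * size);
}

int main(void)
{
    /* Constructed values: a pixel count taken from file data, 4 bytes each. */
    uint32_t count = 0x40000001u, size = 4, bytes = 0;

    printf("unchecked: %u bytes requested\n",
           (unsigned)unchecked_bytes32(count, size));
    printf("checked:   %s\n",
           checked_bytes32(count, size, &bytes) ? "ok" : "overflow, rejected");

    void *p = acquire_array(16, 4);
    printf("small allocation %s\n", p ? "succeeded" : "failed");
    free(p);
    return 0;
}
```

With the unchecked computation the request shrinks to 4 bytes while later code still expects room for 0x40000001 elements; the checked forms fail the request instead.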
