[Secure-testing-team] Bug#692367: [imagemagick][patch][mentors] Three Security leading to DOS

Bastien ROUCARIÈS Mon, 05 Nov 2012 04:33:19 -0800

Package: imagemagick
Version: 8:6.7.7.10-4
Severity: serious
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org


Current imagemagick version  8:6.7.7.10-4 is unsuitable for realease due to 
(under my own analysis) three memory leaks:
  * Fix a memory leak: after setjmp used variable need to be volatile.
    Fix jpeg and png coder.
  * Fix a memory leak: in webp handling add a forgotten WebPPictureFree
  * Fix another memory leak in case of corrupted image in magick++ read 
method.

According to my own analysis the risk is only a local dos.

These bug should be nevertheless fixed before wheezy. I have prepared a package 
for stable-security if needed and I could upload in a few minutes to mentors 
if needed by security team.

Bastien

-- 
Dr-Ing Bastien ROUCARIÈS uUniversité de Cergy/SATIE ENS Cachan

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

[Secure-testing-team] Bug#692367: [imagemagick][patch][mentors] Three Security leading to DOS

Reply via email to