oss-sec mailing list archives
Re: Imagemagick fuzzing bug
From: Bastien ROUCARIES <roucaries.bastien () gmail com>
Date: Thu, 1 Jan 2015 15:41:50 +0100
On Wed, Dec 24, 2014 at 10:32 PM, Gynvael Coldwind <gynvael () coldwind pl> wrote:
Hey, Original reporter from google side here.You are aware that there is graphicsmagick which shares lots of code with im (it's an early fork)? It'd be nice to also report these issues to them if they apply. (I also reported a couple of issues in both im/gm lately and devs were always quick to fix things)Do you know if either im or gm backport fixes from each other? I fuzzed only im, so I've reported to im. I don't mind reporting to both in the future, but if they DO backport fixes, that would lead into collisions (i.e. two different fixes for one bug, makes merging harder).
Usually I ask fordebian graphickmagick to check the code condition. But to my best knowledge they do not backport, except if you ask. So you should try your image on graphicmagick and check if it crash BTW one patch was not correct please found updated patch queue here: http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-patches/6.8.9.9-5 I have backported to 6.7.7.10 here http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian/6.7.7.10-5%2bdeb7u4 (not yet fully tested) And i plan to backport to 6.6.0.4 Bastien
Cheers, Gynvael
Current thread:
- Re: Imagemagick fuzzing bug Bastien ROUCARIES (Jan 01)
- <Possible follow-ups>
- Re: Imagemagick fuzzing bug Yury German (Jan 17)