oss-sec mailing list archives
Re: GraphicsMagick Response To "ImageTragick"
From: David Chan <david () dchanm com>
Date: Wed, 11 May 2016 20:36:56 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 5/9/2016 12:03 PM, John Lightsey wrote:
On Mon, 2016-05-09 at 18:20 +0100, Simon McVittie wrote:On Mon, 09 May 2016 at 08:29:40 -0500, Bob Friesenhahn wrote:The "man" attack vector needs the same determination. It is similar to CVE-2016-3717 in impact, but uses a different codepath. The existing fixes for CVE-2016-3717 do not address it.
The patch which fixes the gplt vector also fixes a related vector in gs. The lack of -dSAFER when invoking Ghostscript allows for arbitrary file read/write. Sander Bos noticed that ImageMagick isn't affected by this bug. Given that the -dSAFER bug is specific to GraphicsMagick, I think a separate CVE should be assigned. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXM/pYAAoJEFNDksGFxk4g+kMH/2oeXMLdfZqup02Zq5IJ1zIf cDpU2CLrDcNyyKAC81WviR6A8jj7VX58rI4O4be/OBlO+6X6CP5PVZzERisqlqdO sIpHryXReA1rjPPDB3WWXY3ijLPVozitTmM0p+81TfHrkL0LTc/ZXUMeAEw2xRgw dzU31nAMTIKV/FS87VkTesScotDLAEXXAxeD4LEepGoxTCqVctjLvk0yXBg9tpZc LwB+2EKMA45bMo0mRNRUnSCIhQXNHSdTpjnmR53nd5BYZtVPvVy3n31QaSXmt4MF OsghVcp44/Nb8Etkictu78yHusnXa6stTctdLzRS+51XzGj6nvW4VF89T+ASl/Q= =yy3S -----END PGP SIGNATURE-----
Current thread:
- GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 08)
- <Possible follow-ups>
- GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
- Re: GraphicsMagick Response To "ImageTragick" John Lightsey (May 09)
- Re: GraphicsMagick Response To "ImageTragick" David Chan (May 12)