oss-sec mailing list archives

CVE id request for imagemagick, libpng and tiff

From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 10 Apr 2012 04:31:34 +0200

We received 3 bug reports targeting imagemagick, libpng and tiff crashing on 
input when used with electric fence indicating memory errors on handling 
crafted input. From what I see no CVE ids have been assigned to these bugs 
yet.

Can someone assign ids?
libpng: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082
(apparently fixed in 1.2.48 with a removal of the buggy function)

tiff: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668087

imagemagick: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668075

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE id request for imagemagick, libpng and tiff Nico Golde (Apr 09)
- Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried (Apr 09)
  - Re: CVE id request for imagemagick, libpng and tiff Nico Golde (Apr 09)
    - Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried (Apr 09)