out-of-bounds read in coders/psd.c:797 ReadPSDChannelPixels #83
Comments
|
Can you give it another try? And thank you for sending us this fuzz reports 👍 |
|
Still appears to be present: See poc3 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533442/comments/4 |
|
poc4 may also be useful: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533442/comments/5 |
|
Can you give it another try? |
|
The bug appears to have been resolved. |
|
Can you link the fixing commit please? |
|
If you want to create a patch for this you should use the commits from 15/16 jan to psd.c |
|
I don't want to create a patch. The initial reporter said the bug "appears to have been resolved", in the span of a few days of back/forth comments on this ticket. 95% of vuln-related tickets in this project include the fixing commits. This is one of four or so that do not historically, which is not the normal. I assumed that was oversight, not a developer saying "well, this vuln isn't fixed, submit a patch!" =) If this is patched, i'm simply asking for the commit to be linked against this ticket. If it is NOT fixed, i'd respectfully ask the developers to say so, after 'moshekaplan' said "The bug appears to have been resolved". This is only about providing definitive information showing the bug is resolved, so that ImageMagick users can properly evaluate the risk, and factor in "there is a solution available". |
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533442
The text was updated successfully, but these errors were encountered: