out-of-bounds read in coders/psd.c:797 ReadPSDChannelPixels #83

Closed
moshekaplan opened this issue Jan 13, 2016 · 10 comments

@dlemstra

Member

commented Jan 15, 2016

Can you give it another try? And thank you for sending us these fuzz reports 👍

@moshekaplan

Author

commented Jan 15, 2016

@moshekaplan

Author

commented Jan 15, 2016

@dlemstra

Member

commented Jan 15, 2016

Can you give it another try?

@moshekaplan

Author

commented Jan 17, 2016

The bug appears to have been resolved.

@dlemstra dlemstra closed this Jan 17, 2016

@attritionorg


commented Feb 12, 2016

Can you link the fixing commit please?

@dlemstra

Member

commented Feb 12, 2016

If you want to create a patch for this, you should use the commits from 15/16 Jan to psd.c.

@attritionorg


commented Feb 12, 2016

I don't want to create a patch. The initial reporter said the bug "appears to have been resolved", in the span of a few days of back/forth comments on this ticket. 95% of vuln-related tickets in this project include the fixing commits. This is one of four or so that do not historically, which is not the norm. I assumed that was oversight, not a developer saying "well, this vuln isn't fixed, submit a patch!" =)

If this is patched, I'm simply asking for the commit to be linked against this ticket. If it is NOT fixed, I'd respectfully ask the developers to say so, after 'moshekaplan' said "The bug appears to have been resolved".

This is only about providing definitive information showing the bug is resolved, so that ImageMagick users can properly evaluate the risk, and factor in "there is a solution available".

@dlemstra

Member

commented Feb 14, 2016

I think you misunderstood my remark. I thought you wanted to create a patch yourself that you can use in an older version of ImageMagick. This issue has been fixed in the following patches:

280215b
198fffa
