New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stack-buffer-overflow in SetImageProgress #907
Labels
Comments
urban-warrior
pushed a commit
that referenced
this issue
Dec 21, 2017
urban-warrior
pushed a commit
that referenced
this issue
Dec 21, 2017
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow. |
|
This was assigned CVE-2017-17880. |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jan 8, 2018
2018-01-06 7.0.7-21 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.0-21, GIT revision 22168:a91afc45b:20180106.
2018-01-06 7.0.7-21 Dirk Lemstra <dirk@lem.....org>
* Fix some enum values in the OpenCL code.
2018-01-06 7.0.7-20 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-20, GIT revision 22161:33a04d3e5:20180105.
2018-01-05 7.0.7-20 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
2018-01-01 7.0.7-19 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-19, GIT revision 22133:977fe08bf:20180101.
2017-12-29 7.0.7-19 Cristy <quetzlzacatenango@image...>
* Check for webpmux library version 0.4.4 (reference
ImageMagick/ImageMagick#896).
2017-12-26 7.0.7-18 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-18, GIT revision 22096:ad4bdeb40:20171228.
2017-12-28 7.0.7-18 Cristy <quetzlzacatenango@image...>
* Fix error reading from pipe under Windows (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33288).
2017-12-26 7.0.7-17 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-17, GIT revision 22093:9caea323b:20171227.
2017-12-26 7.0.7-17 Cristy <quetzlzacatenango@image...>
* Fix heap use after free error (reference
ImageMagick/ImageMagick#918).
2017-12-24 7.0.7-16 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-16, GIT revision 22038:e55dc7626:20171225.
2017-12-18 7.0.7-16 Cristy <quetzlzacatenango@image...>
* Fix error reading multi-layer XCF image file.
* Fix possible stack overflow in WEBP reader (reference
ImageMagick/ImageMagick#907)
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
2017-12-16 7.0.7-15 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-15, GIT revision 21924:30cb31746:20171216.
2017-12-08 7.0.7-15 Cristy <quetzlzacatenango@image...>
* Overall standard deviation is the average of each pixel channel (reference
https://www.imagemagick.org/discourse-server/viewforum.php?f=3).
* Update to the latest ImageMagick documentation.
2017-12-05 7.0.7-14 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-14, GIT revision 21855:dc73b2aba:20171205.
2017-11-30 7.0.7-14 Cristy <quetzlzacatenango@image...>
* Support Stereo composite operator.
* Fix build failure with --without-modules (reference
ImageMagick/ImageMagick#890).
2017-11-30 7.0.7-13 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-13, GIT revision 21823:72cb0fd0c:20171130.
2017-11-30 7.0.7-13 Cristy <quetzlzacatenango@image...>
* Fix build failure with libraw 0.14.8 (reference
ImageMagick/ImageMagick#888).
2017-11-29 7.0.7-12 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-12, GIT revision 21814:5ef2c5a67:20171129.
2017-11-12 7.0.7-12 Cristy <quetzlzacatenango@image...>
* The -tint option no longer munges the alpha channel (reference
http://www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=33070).
* Don't delete in-memory blob when reading an image (reference
ImageMagick/ImageMagick#886).
* Support HDRI color profile management.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
/usr/local/bin/magick -version
Version: ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib
Trigger Command: magick convert stack-buffer-overflow-0 /dev/null
testcase: https://github.com/henices/pocs/raw/master/stack-buffer-overflow-0
Credit: zz of NSFocus Security Team <security (at) nsfocus (dot) com>
The text was updated successfully, but these errors were encountered: