[Secure-testing-team] Bug#704901: [imagemagick] Null deference during creation of tempory file

bastien ROUCARIES roucaries.bastien at gmail.com
Sun Apr 7 12:47:58 UTC 2013


Package: imagemagick
Version: 8:6.7.7.10-5
Severity: minor
Tags: patch security upsteam fixed-upstream
Forwarded: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23117&p=96934#p96934
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

If MAGICK_TMPDIR point to non existant file, imagemagick will crash during retrieving a file by url.

=> local dos at least.

Security team please assess the security risk and open a candidate CVE if  needed. Will send a mail to oss-security list.

Patch available here.

Bastien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-git-svn-id-https-www.imagemagick.org-subversion-Imag.patch
Type: text/x-patch
Size: 1176 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20130407/db2cc4c8/attachment.bin>


More information about the Secure-testing-team mailing list