[Secure-testing-team] Bug#832887: CVE-2016-4563 The TraceStrokePolygon function in MagickCore/draw.c
Bastien ROUCARIES
roucaries.bastien at gmail.com
Fri Jul 29 10:08:02 UTC 2016
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
control: fixed -1 8:6.7.7.10-5+deb7u7
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick
before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship
between the BezierQuantum value and certain strokes data, which allows
remote attackers to cause a denial of service (buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted file.
More information about the Secure-testing-team
mailing list