Source: imagemagick Version: 8:6.9.10.23+dfsg-2.1 Severity: important Hi,
imagemagick is affected by CVE-2019-17540, a heap-based buffer overflow in ReadPSInfo in coders/ps.c. There are very few information online regarding this vulnerability. I had a look and found the following four commits: https://github.com/ImageMagick/ImageMagick/commit/668d6a970553a94b0a2e378afda1d37abac94b5c https://github.com/ImageMagick/ImageMagick/commit/9667a9034a5eeedb30dfb18cfd1083ff32fd679b https://github.com/ImageMagick/ImageMagick/commit/73dd03cfb57f8f8c0a732fa062b9966ec7bf2f91 https://github.com/ImageMagick/ImageMagick/commit/e868e227085463932c5db32e5e0f27e306a0eb95 this looks like what we are searching for; a buffer overflow WRITE of size 1 in ReadPSInfo. I will contact Dirk Lemstra and ask for more information. regards, Hugo [0] https://security-tracker.debian.org/tracker/CVE-2019-17540 -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
