On Wed, Jan 04, 2006 at 01:54:29PM -0500, Matthias Clasen wrote: > I don't doubt that there are more vulnerabilities lurking in > ImageMagick, but I don't see how this same problem occurs in > animate.c...
Which version are you looking at? The code in question recently moved from magick/animate.c to wand/animate.c. Anyway, the underlying problem is the same in all cases: A single numeric format expansion should be allowed in user-supplied strings. In animate.c, look for a call to FormatMagickString() following a comment "Form filename for multi-part images.". The format string is taken verbatim from the command line. Admittedly though, animate will rarely be called from scripts or as a mime handler, so the security impact is quite low compared to, say, convert. Regards, Daniel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
