severity 416096 important
thanks

On Sun, Mar 25, 2007 at 11:30:23PM +0200, Moritz Muehlenhoff wrote:
> I disagree about the severity. The code history of graphicsmagick/
> imagemagick makes it fairly obvious that they are both unsuitable
> for processing images from untrusted sources. An afternoon of fuzzing
> will most likely reveal another dozen ways to potentially trigger code
> injection.

I agree that the magicks have quite a dreadful security record, and a glance at the code reinforces the impression. But even if we put up a big warning sign for uses of *magicks command line utilities, the same code paths are still touched in a number of different ways that are not immediately obvious to the end user: Each reverse dependency of libmagick9, libgraphicsmagick1, and perlmagick, rubymagick etc. is affected as well, and I don't expect users to think graphicsmagick when they start krita, or imagemagick when they run inkscape or ikiwiki. For some of the more esoteric image formats, they're also the sole providers of mime handlers.

This makes me worried about the bugs that might allow code injection, but ultimately it's your (the security team's) call, so I'm lowering the severity as suggested. I'm not aware of a more secure replacement that offers a set of features comparable to *magick, unfortunately.

> It might be a good idea to document this more clearly, if this isn't
> done yet.

I can try to do that, but for the libraries and language bindings, it's not obvious to me where to put that warning.

Regards,
Daniel.