This bug was fixed in the package imagemagick - 8:6.8.9.9-7
---
imagemagick (8:6.8.9.9-7) unstable; urgency=low
  * Fix various minor security issues
    - Fix an integer overflow that can lead to a buffer overrun
      in the icon parsing code (LP: #1459747, closes: #806441)
    - F
That bug only works on 32-bit systems because ReadBlobLSBLong() reads 4
bytes and returns an "unsigned int" which is then stored in a "size_t"
(the length variable) which is usually 64-bit on 64-bit systems. So
length+14 does not overflow and the huge memory allocation simply fails.
Note that old
https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1459747
Title:
Integer and Buffer overflow in coders/icon.c
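The width dependence described in the comment above, as an added example that is not part of the bug report and not ImageMagick's code. size_t is modelled with fixed-width types so both cases run on any machine; the function names, EXTRA_BYTES and the sample length value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* The 14 extra bytes from the "length+14" expression in the comment. */
#define EXTRA_BYTES 14u

/* size_t modelled as 32 bits: the sum is reduced modulo 2^32 and can wrap. */
static uint32_t alloc_size_32(uint32_t length)
{
    return (uint32_t)(length + EXTRA_BYTES);
}

/* size_t modelled as 64 bits: the 4-byte value is widened before the add,
   so the sum cannot wrap; it is merely a very large request. */
static uint64_t alloc_size_64(uint32_t length)
{
    return (uint64_t)length + EXTRA_BYTES;
}

/* Width-independent guard (hypothetical helper): returns the allocation
   size, or 0 when length + EXTRA_BYTES would exceed size_max. */
static uint64_t checked_alloc_size(uint64_t length, uint64_t size_max)
{
    if (size_max < EXTRA_BYTES || length > size_max - EXTRA_BYTES)
        return 0;
    return length + EXTRA_BYTES;
}

int main(void)
{
    const uint32_t length = 0xFFFFFFF8u; /* constructed sample field value */

    printf("32-bit size_t: length+14 = %lu\n",
           (unsigned long)alloc_size_32(length));
    printf("64-bit size_t: length+14 = %llu\n",
           (unsigned long long)alloc_size_64(length));
    printf("guarded, 32-bit limit: %llu (0 means rejected)\n",
           (unsigned long long)checked_alloc_size(length, UINT32_MAX));
    printf("guarded, 64-bit limit: %llu\n",
           (unsigned long long)checked_alloc_size(length, UINT64_MAX));
    return 0;
}
```

With a 32-bit size the request shrinks to a few bytes while the parsed length stays huge, which is the mismatch behind the overrun; with a 64-bit size the request stays huge and the allocation fails instead.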
** Information type changed from Private Security to Public Security