[magick-developers] BMP buffer overrun
yarrow at studio.imagemagick.org
yarrow at studio.imagemagick.org
Tue Aug 24 07:37:42 PDT 2004
Marcus Meissner of Suse has discovered and patched a buffer overrun
bug associated with decoding runlength-encoded BMP images. Since this
could permit a security exploit, a new release with the this bug fixed
is scheduled for release later today. Look for ImageMagick 6.0.6 at
ftp://ftp.imageMagick.org/pub/ImageMagick by 5PM EST. It is recommended
that all ImageMagick 6.0.? users upgrade. We will also release
ImageMagick 5.5.7-27 with the same patch for users of the 5.5.7 series.
Thanks to Marcus Meissner and Suse for bringing this exploit to our
attention.
More information about the Magick-developers
mailing list