[magick-developers] Multiple Vendor ImageMagick DCM and XWD Buffer
Overflow Vulnerabilities
Craig Harman
charman at rcbi.rochester.edu
Fri May 18 08:26:12 PDT 2007
On 5/18/07 10:36 AM, omicronpersei8 at imagemagick.org wrote:
> See http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496.
> ImageMagick 6.3.3-5 and above do not have this vulnerability and most
> vendors have issued updated ImageMagick releases with this vulnerability
> fixed for earlier releases of the package (pre 6.3.3).
I either compile ImageMagick from source or use the pre-built package
for OS X that is available on the ImageMagick website. I don't have a
vendor that issues updated packages for my OS. Do the ImageMagick
developers have a mechanism for announcing security vulnerabilities to
people who build the package from source? As best I can tell, in order
to receive news about ImageMagick security problems, I have to subscribe
to the security announcement list of a Linux distribution I don't even
use. Am I missing something?
craig
More information about the Magick-developers
mailing list