Date: Thu, 12 Aug 2004 16:21:34 +0400 From: Andrey Chernov <ache@nagual.pp.ru> To: Oliver Eikemeier <eikemeier@fillmore-labs.com> Cc: security@FreeBSD.ORG Subject: Re: False vuxml alarms (ImageMagick) Message-ID: <20040812122134.GA97233@nagual.pp.ru> In-Reply-To: <5AA893E4-EC58-11D8-887A-00039312D914@fillmore-labs.com> References: <20040812113032.GA95675@nagual.pp.ru> <5AA893E4-EC58-11D8-887A-00039312D914@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 12, 2004 at 02:08:42PM +0200, Oliver Eikemeier wrote: > It _seems_ like upgrading libpng might be enough, but lets better be > safe than sorry. Upgrading ImageMagick is a good idea anyway. Upgrading libpng alone is not enough. For some bad images libpng produces now new errors, but ImageMagick not expect this new errors in his processing and continue running as in normal case. It is hard to exploit this with new libpng, but core dump will happen easily. -- Andrey Chernov | http://ache.pp.ru/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040812122134.GA97233>