Package: imagemagick Version: 8:6.7.7.10-5 Severity: minor Tags: patch security upsteam fixed-upstream Forwarded: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23117&p=96934#p96934 X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
If MAGICK_TMPDIR point to non existant file, imagemagick will crash during retrieving a file by url. => local dos at least. Security team please assess the security risk and open a candidate CVE if needed. Will send a mail to oss-security list. Patch available here. Bastien
From e5eb27d112e0a7181df44fb70c42633c2d1c9c74 Mon Sep 17 00:00:00 2001 From: cristy <cristy@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74> Date: Fri, 5 Apr 2013 11:49:29 +0000 Subject: [PATCH] git-svn-id: https://www.imagemagick.org/subversion/ImageMagick/trunk@11698 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74 --- coders/url.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/coders/url.c b/coders/url.c index 19dbd73..abab351 100644 --- a/coders/url.c +++ b/coders/url.c @@ -153,12 +153,9 @@ static Image *ReadURLImage(const ImageInfo *image_info,ExceptionInfo *exception) file=fdopen(unique_file,"wb"); if ((unique_file == -1) || (file == (FILE *) NULL)) { - read_info=DestroyImageInfo(read_info); - (void) CopyMagickString(image->filename,read_info->filename, - MaxTextExtent); ThrowFileException(exception,FileOpenError,"UnableToCreateTemporaryFile", - image->filename); - image=DestroyImageList(image); + read_info->filename); + read_info=DestroyImageInfo(read_info); return((Image *) NULL); } (void) CopyMagickString(filename,image_info->magick,MaxTextExtent); -- 1.7.10.4