clone 412945 -1
reassign -1 graphicsmagick
retitle -1 graphicsmagick: Segfault in BMP coder.
severity -1 important

clone 412945 -2
reassign -2 graphicsmagick
retitle -2 [AMD64][IA64] graphicsmagick: Segfault in ICON coder.
severity -2 important

clone 412945 -3
reassign -3 graphicsmagick
retitle -3 graphicsmagick: Multiple segfaults in JP2 coder.
severity -3 important

clone 412945 -4
reassign -4 graphicsmagick
retitle -4 graphicsmagick: Multiple segfaults in PCX coder.
severity -4 important

clone 412945 -5
reassign -5 graphicsmagick
retitle -5 graphicsmagick: Segfault in PNG coder.
severity -5 important

clone 412945 -6
reassign -6 graphicsmagick
retitle -6 graphicsmagick: Segfault in PICT coder.
severity -6 important

clone 412945 -7
reassign -7 graphicsmagick
retitle -7 graphicsmagick: Segfault in PNM coder.
severity -7 important

clone 412945 -8
reassign -8 graphicsmagick
retitle -8 graphicsmagick: Segfault during conversion from CINEON coder.
severity -8 important

clone 412945 -9
reassign -9 graphicsmagick
retitle -9 graphicsmagick: Segfault during conversion from SUN coder.
severity -9 important

clone 412945 -10
reassign -10 graphicsmagick
retitle -10 graphicsmagick: Segfault during conversion from XWD coder.
severity -10 important

clone 412945 -11
reassign -11 graphicsmagick
retitle -11 graphicsmagick: Heap corruption in JP2 coder.
severity -11 important

On Thu, Mar 01, 2007 at 05:37:39AM +0200, Sami Liedes wrote:
> The attached files all crash imagemagick (eg. XXXtojpg $filename) on
> amd64, some with SEGV, some with glibc detected heap corruption. I
> consider it quite likely that some of these are exploitable, but as
> I'm not sure, only filing as Severity: normal as to not annoy you :)

Thanks. I've done a quick screening to investigate which of those
affect graphicsmagick, and have cloned individual bugs as I'm probably
unable to deal with all of them in one go. Bug severity might change
once I've had a closer look at the individual issues.

Here's the detailed list for current graphicsmagick:

Broken import
=============

The following coders show problems on "gm identify".

bmp:
  broken2.bmp ... Segmentation fault

icon (amd64 and ia64, i386 okay):
  broken.cur ... Segmentation fault

jp2:
  broken.jpc ... Segmentation fault
  broken2.jp2 ... Segmentation fault
  broken4.jp2 ... cannot get marker segment
    *** glibc detected *** double free or corruption (!prev): 0x0809d1b8 ***
    (hangs afterwards)

pcx:
  broken.dcx ... Segmentation fault
  broken.pcx ... Segmentation fault

png:
  broken.mng ... Segmentation fault

pict/jpeg:
  broken.pict ... Segmentation fault

pnm:
  broken2.ppm ... Segmentation fault

Broken conversion
=================

The following coders show no problems on "gm identify", but break with
"gm convert" to jpg and gif.

cineon:
  broken.cin ... Segmentation fault

sun:
  broken.sun ... Segmentation fault

xwd:
  broken.xwd ... Segmentation fault

Not affected
============

The following testcases did not show any problems with either
"gm identify" or "gm convert" on i386, amd64, and ia64.

jp2 (but affected by other testcases):
  broken.jp2 ... error: no code stream found
    gm identify: Unable to decode image file (broken.jp2).
  broken3.jp2 ... error: no code stream found
    gm identify: Unable to decode image file (broken3.jp2).

sgi:
  broken.sgi ... gm identify: Improper image header (broken.sgi).

I'll look into each of these in more detail and use the separate bugs
for tracking.

Regards,
Daniel.
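
The two-stage screening described in the message above ("gm identify" first, then "gm convert" to jpg and gif), written as a small triage harness; this is an added example, not part of the original e-mail or of GraphicsMagick. The names classify, screen, GM, OUT and LIMIT are chosen for this sketch, and it assumes a `timeout` utility (GNU coreutils) and the shell convention that a process killed by a signal reports status 128 plus the signal number.

```sh
#!/bin/sh
# Added example: two-stage screening of testcases, as described in the message.
# classify, screen, GM, OUT and LIMIT are names chosen for this sketch.
GM=${GM:-gm}                  # GraphicsMagick binary (override to test a build)
OUT=${OUT:-${TMPDIR:-/tmp}}   # where converted output is written
LIMIT=${LIMIT:-20}            # seconds before a run counts as a hang

# Run a command under a time limit and turn its exit status into a verdict.
classify() {
    rc=0
    timeout "$LIMIT" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo ok ;;
        124) echo hang ;;        # GNU timeout's status when the limit expires
        134) echo abort ;;       # 128+SIGABRT, e.g. glibc heap-corruption check
        139) echo segfault ;;    # 128+SIGSEGV
        *)   if [ "$rc" -gt 128 ]; then echo "signal-$((rc - 128))"
             else echo rejected  # clean error exit: the coder refused the file
             fi ;;
    esac
}

# "gm identify" first; only files that identify cleanly go on to
# "gm convert" to jpg and gif.
screen() {
    f=$1
    v=$(classify "$GM" identify "$f")
    case $v in
        ok) ;;
        rejected) echo "not affected (rejected)"; return 0 ;;
        *) echo "broken import: $v"; return 0 ;;
    esac
    for fmt in jpg gif; do
        v=$(classify "$GM" convert "$f" "$OUT/screen-out.$fmt")
        case $v in
            ok|rejected) ;;
            *) echo "broken conversion ($fmt): $v"; return 0 ;;
        esac
    done
    echo "not affected"
}

# Usage: sh screen.sh broken*.bmp broken*.jp2 ...
for f in "$@"; do printf '%s ... %s\n' "$f" "$(screen "$f")"; done
```

Running the same script against a patched build (GM=/path/to/gm) gives a quick regression check for each cloned bug.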