Lyx for Windows installer 2.3.3-1 installs ImageMagick 7.0.7-27. This version is subject to multiple buffer overflows (stack and heap) and several other vulnerabilities, allowing remote code execution if the user opens a LyX document incorporating a specially-crafted image.
Solution: Upgrade to ImageMagick 7.0.8-56 or newer in the LyX installer package.
-- lyx-devel mailing list lyx-devel@lists.lyx.org http://lists.lyx.org/mailman/listinfo/lyx-devel
