Page 1 of 1
mitigating CVE-2018–16323
Posted: 2018-11-19T20:03:03-07:00
by dognose
I'm looking for the IM response to CVE-2018–16323.
Memory leak in XBM images.
I've tried the POC images, but nothing is apparently displayed. Wondering how to to best mitigate.. and check for proper mitigation.
ref:
https://medium.com/@ilja.bv/yet-another ... 0f048a1e12
Re: mitigating CVE-2018–16323
Posted: 2018-11-19T20:22:07-07:00
by fmw42
This was apparently fixed last July according to the changelog:
2018-07-24 7.0.8-9 Cristy <quetzlzacatenango@image...>
XBM coder leaves the hex image data uninitialized if hex value of the pixel is negative.
and
2018-07-24 6.9.10-9 Cristy <quetzlzacatenango@image...>
XBM coder leaves the hex image data uninitialized if hex value of the pixel is negative.
See
https://imagemagick.org/script/changelog.php
https://legacy.imagemagick.org/script/changelog.php
Re: mitigating CVE-2018–16323
Posted: 2018-11-20T06:49:24-07:00
by dognose
Interesting. I'm not sure why it's in the news then. Maybe it's because people have old versions installed still?
Anyway, I'll be banning that format as input.
image/x-xbitmap ASCII C program text