Bugzilla – Bug 1016575
VUL-0: CVE-2014-9915: imagemagick: Off-by-one count when parsing an 8BIM profile
Last modified: 2017-06-08 11:04:26 UTC
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug-767240
Reference URL: https://security-tracker.debian.org/767240
Upstream commit: N/A
Upstream issue: N/A
Upstream version fixed: 6.8.9-9
I could not find which exact commit patched this specific
vulnerability. All other issues reported here have patches
attached. Sorry for the inconvenience.
bugbot adjusting priority
The Debian bug link above has a typo in it and is thus broken. This seems to
be the right one:
There's little to be found about this off-by-one count in 8BIM profile
The corresponding bugfix might have been this one, but I'm not completely sure:
The bug is over two years old and was fixed in version 6.8.9-9 according to
I still have to check our codestreams whether they're affected.
As far as I see it the related function Sync8BimProfile() is not yet existing
in any of the SLE codestreams. In openSUSE the fixed version is already in
*** Bug 1017306 has been marked as a duplicate of this bug. ***
(In reply to Matthias Gerstner from comment #4)
> As far as I see it the related function Sync8BimProfile() is not yet existing
> in any of the SLE codestreams. In openSUSE the fixed version is already in
I tend to agree.
And, in any case, 'there is a security bug somewhere in ImageMagick' is not a valid bug report.