Bug 1777543 (CVE-2014-8561)
| Summary: | CVE-2014-8561 ImageMagick: convert +profile regression enters infinite loop exhausting memory | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | fedora, jhorak, mike, pahan |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-12-30 17:35:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1777544, 1777545 | ||
| Bug Blocks: | 1777546 | ||
|
Description
Guilherme de Almeida Suckevicz
2019-11-27 19:00:03 UTC
Created ImageMagick tracking bugs for this issue: Affects: epel-8 [bug 1777545] Affects: fedora-all [bug 1777544] Please stop opening 5 year old security issues. This does not affect recent versions. Looks like this affected versions older than 6.8.9.9 and we're currently on 6.9.10.75. I would like to hear what you are doing that is flooding my inbox instead of silence from you. Please respond. Thank you for letting me know that this not affect the current version of ImageMagick, I didn't find which versions were affected by this flaw, this is why this bug was opened. Sorry for the mistake. Any version of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 is affected by this issue. This was verified through internally available reproducer. |