A heap overflow has been discovered in the ImageMagick BMP decoder. The demo BMP file is the same one which affected QT. The demo image is attachment 102533. This issue also affects RHEL2.1. Fedora Core is being handled by bug 130806.
The patch for this issue is attachment 103039.
I built these into errata-candidate.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-494.html
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-480.html
FYI, as in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130806#c2 , you may wish to have a look at https://bugzilla.fedora.us/show_bug.cgi?id=2052#c10 because the patch in comment #1 may not have caught all of the vulnerabilities, if this was the only patch applied into RHSA's 2004-494 and 2004-480. -David
Our fix was obviously incomplete; we'll want to fix this correctly.
Created attachment 106788: More comprehensive patch. FYI, here is a more comprehensive patch for this issue we've come up with over on Fedora Legacy that we will soon be testing. -David
ImageMagick-6.0.7 seems to include these updated fixes in the upstream version, which is part of RHEL4-re1129.0 -> resolving.