imagemagick: information disclosure from exif thumbnails
Bug #13516 reported by
Debian Bug Importer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
imagemagick (Debian) |
Fix Released
|
Unknown
|
|||
imagemagick (Ubuntu) |
Won't Fix
|
Medium
|
Unassigned | ||
Feisty |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Automatically imported from Debian bug report #298051 http://
CVE References
Changed in imagemagick: | |
assignee: | pitti → nobody |
assignee: | pitti → nobody |
Changed in imagemagick: | |
status: | Incomplete → New |
Changed in imagemagick: | |
status: | New → Incomplete |
Changed in imagemagick: | |
status: | New → Confirmed |
Changed in imagemagick: | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
Message-Id: <E1D7AM0- 0002BW- ID@k.local>
Date: Fri, 04 Mar 2005 11:48:20 +0100
From: Stefan Fritsch <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: imagemagick: information disclosure from exif thumbnails
Package: imagemagick
Version: 6:6.0.6.2-2.1
Severity: grave
Tags: security
Justification: user security hole
Imagemagick (at least convert and mogrify) does not delete or update exif
thumbnails when changing an image. Therefore the thumbnail might still contain
information (like a face) that has been removed from the image.
This is CAN-2005-0406 [1].
[1] http:// seclists. org/lists/ fulldisclosure/ 2005/Feb/ 0361.html
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Versions of packages imagemagick depends on:
ii libmagick6 6:6.0.6.2-2.1 Image manipulation library
-- no debconf information