Ubuntu
imagemagick package

  1. Bug #13516
  2. Comment #1

Comment 1 for bug 13516

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <E1D7AM0-0002BW-ID@k.local>
Date: Fri, 04 Mar 2005 11:48:20 +0100
From: Stefan Fritsch <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: imagemagick: information disclosure from exif thumbnails

Package: imagemagick
Version: 6:6.0.6.2-2.1
Severity: grave
Tags: security
Justification: user security hole

Imagemagick (at least convert and mogrify) does not delete or update exif
thumbnails when changing an image. Therefore the thumbnail might still contain
information (like a face) that has been removed from the image.

This is CAN-2005-0406 [1].

[1] http://seclists.org/lists/fulldisclosure/2005/Feb/0361.html

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Versions of packages imagemagick depends on:
ii libmagick6 6:6.0.6.2-2.1 Image manipulation library

-- no debconf information