Message-Id: <E1D7AM0-0002BW-ID@k.local>
Date: Fri, 04 Mar 2005 11:48:20 +0100
From: Stefan Fritsch <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: imagemagick: information disclosure from exif thumbnails
Package: imagemagick
Version: 6:6.0.6.2-2.1
Severity: grave
Tags: security
Justification: user security hole
Imagemagick (at least convert and mogrify) does not delete or update exif
thumbnails when changing an image. Therefore the thumbnail might still contain
information (like a face) that has been removed from the image.
This is CAN-2005-0406 [1].
[1] http://seclists.org/lists/fulldisclosure/2005/Feb/0361.html
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Versions of packages imagemagick depends on:
ii libmagick6 6:6.0.6.2-2.1 Image manipulation library
-- no debconf information
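
Added example, not part of the original report and not ImageMagick code: a standard-library check for whether a JPEG still carries an embedded EXIF thumbnail (IFD1 tags 0x0201/0x0202), which is the data the report says is left unchanged after editing. The function names and the sample input are constructed for illustration.

```python
import struct

def exif_thumbnail(jpeg: bytes):
    """Return the EXIF (IFD1) thumbnail bytes embedded in a JPEG, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        payload = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and payload[:6] == b"Exif\x00\x00":
            return _ifd1_thumbnail(payload[6:])
        if marker == 0xDA:  # start of scan: metadata segments are over
            break
        pos += 2 + seglen
    return None

def _ifd1_thumbnail(tiff: bytes):
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return None
    e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
    try:
        (ifd0,) = struct.unpack(e + "I", tiff[4:8])
        (n0,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
        nxt = ifd0 + 2 + 12 * n0  # link to IFD1 follows IFD0's entries
        (ifd1,) = struct.unpack(e + "I", tiff[nxt:nxt + 4])
        if ifd1 == 0:
            return None
        (n1,) = struct.unpack(e + "H", tiff[ifd1:ifd1 + 2])
        tags = {}
        for i in range(n1):
            ent = tiff[ifd1 + 2 + 12 * i:ifd1 + 14 + 12 * i]
            tag, _type, _count, value = struct.unpack(e + "HHII", ent)
            tags[tag] = value  # assumes LONG values, as EXIF specifies for both tags
    except struct.error:  # truncated or malformed EXIF block
        return None
    off, length = tags.get(0x0201), tags.get(0x0202)  # JPEGInterchangeFormat(+Length)
    if not off or not length or off + length > len(tiff):
        return None
    return tiff[off:off + length]

def constructed_sample(with_thumb: bool) -> bytes:  # constructed input, not a real photo
    thumb = b"\xff\xd8THUMB\xff\xd9"  # stand-in for real thumbnail data
    tiff = b"II*\x00" + struct.pack("<IHI", 8, 0, 14 if with_thumb else 0)
    if with_thumb:  # IFD1 at offset 14, thumbnail data at offset 44
        tiff += struct.pack("<HHHIIHHIII", 2, 0x0201, 4, 1, 44,
                            0x0202, 4, 1, len(thumb), 0) + thumb
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(tiff) + 8) + b"Exif\x00\x00" + tiff + b"\xff\xd9"
```

A non-None result for an edited image means the file still embeds a preview that should be reviewed or stripped before the image is published.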