Comment 6 for bug 9469

In , Ryuichi Arafune (arafune) wrote : Re: Bug#278401: imagemagick: Buffer overflow in EXIF parser (CAN-2004-0981).

From: Daniel Kobras <email address hidden>
Subject: Bug#278401: imagemagick: Buffer overflow in EXIF parser (CAN-2004-0981).
Date: Tue, 26 Oct 2004 20:10:19 +0200
Message-ID: <email address hidden>

> Package: imagemagick
> Version: 6:6.0.6.2-1.4
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> A buffer overflow in imagemagick's EXIF parsing routine was fixed in
> version 6.1.0: Trying to query EXIF information of a malicious image
> file might result in execution of arbitrary code. The fix in 6.1.0 was
> slightly buggy. An improved version is to appear in 6.1.2, and is also
> attached to this report. The security team has assigned CAN-2004-0981 to
> this issue. Our versions in woody and sarge/sid are affected.
>
> Ryuichi, unless you object I'd like to prepare NMUs 4:5.4.4.5-1woody4
> and 6:6.0.6.2-1.5 to resolve this issue.

OK

> Regards,
>
> Daniel.