Bug 222621 - security/vuxml: Security Vulnerability in ImageMagick (CVE-2017-14741)
Summary: security/vuxml: Security Vulnerability in ImageMagick (CVE-2017-14741)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Ports Security Team
URL: https://cve.mitre.org/cgi-bin/cvename...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2017-09-26 11:48 UTC by VK
Modified: 2017-09-27 15:42 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Document CVE-2017-14741 (1.91 KB, patch)
2017-09-26 11:48 UTC, VK 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description VK 2017-09-26 11:48:59 UTC 
Created attachment 186737 [details]
Document CVE-2017-14741

The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.

However, since upstream contains a commit for the ImageMagick-6 branch (which hasn't been tagged for update) as well, I'm adding it too.
Comment 1 Steve Wills freebsd_committer freebsd_triage 2017-09-27 15:42:32 UTC 
Committed in r450758. Thanks!