I have made some patches for libfpx that fixes CVE-2017-12921 and CVE-2017-12925 and possibly CVE-2017-12920.
The patches are available at http://cvsweb.netbsd.org/bsdweb.cgi/pkg ... h_tag=MAIN
I have tested the patches against Agustinos payloads for these CVEs and they don't crash.
Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
2 posts • Page 1 of 1