CVE-2026-28690
Change set 18010:967c71e2b740 provides necessary error handling for ImageToBlob(), as well as assuring that no more than 256 colors will be supplied to the MNG PLTE chunk.
If CVEs provided adequate and complete descriptions of an issue, then the information could be used to immediately attack existing code. So they use vague, obtuse descriptions which mean almost nothing. Based on the last part of the ImageMagick edits, there may have been an overflow of the image colormap.
I did a search and see that CVE-2026-28690 is about an MNG encoder stack buffer overflow rather than a use of a null pointer in the JNG encoder. The ImageMagick project may have made other fixes while claiming to address CVE-2026-28690. It would be useful to know the details about where this stack buffer overflow happens. Are you able to determine this? I do recall solving several MNG stack overflow issues in the past.
Petr, much thanks for bringing ImageMagick CVE issues which also apply to GraphicsMagick to my attention.
CVE-2026-30883
Mercurial changeset 18009:a0855348fb11 "coders/png.c (png_write_raw_profile): Detect and report an excessively large profile, and other unexpected conditions." should address this issue, and a few others.
CVE-2026-30883