Exploitable Windows installation Lyx 2.3.3 ImageMagick 7.0.7-27
John
john.r.moser at gmail.com
Fri Nov 15 15:29:37 UTC 2019
Lyx for Windows installer 2.3.3-1 installs ImageMagick 7.0.7-27. This
version is subject to multiple buffer overflows (stack and heap) and
several other vulnerabilities, allowing remote code execution if the user
opens a LyX document incorporating a specially-crafted image.
Solution: Upgrade to ImageMagick 7.0.8-56 or newer in the LyX installer
package.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lyx.org/pipermail/lyx-devel/attachments/20191115/ddfade77/attachment.html>
More information about the lyx-devel
mailing list