Exploitable Windows installation LyX 2.3.3 ImageMagick 7.0.7-27

John john.r.moser at gmail.com
Fri Nov 15 15:29:37 UTC 2019


LyX for Windows installer 2.3.3-1 installs ImageMagick 7.0.7-27.  This
version is subject to multiple buffer overflows (stack and heap) and
several other vulnerabilities, allowing remote code execution if the user
opens a LyX document incorporating a specially-crafted image.

Solution:  Upgrade to ImageMagick 7.0.8-56 or newer in the LyX installer
package.
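
A version audit for the fix named in the message above, as an added example that is not part of the original message or of the LyX project: it parses the banner an ImageMagick executable prints for `-version` and compares it numerically against 7.0.8-56. The function names, the sample banners and the executable path passed to `check_binary` are assumptions; the sample banners are constructed.

```python
import re
import subprocess

# Minimum fixed release named in the message above.
MIN_FIXED = (7, 0, 8, 56)

# Matches e.g. "Version: ImageMagick 7.0.7-27 Q16 x64 ..."
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from -version output, or None."""
    m = _BANNER.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def needs_upgrade(banner, minimum=MIN_FIXED):
    """True if the banner reports a release older than `minimum`.

    Comparison is on integer tuples, so 7.0.10-1 sorts after 7.0.8-56
    (a plain string comparison would get that wrong). Output that cannot
    be parsed is flagged as well, so an unknown build is never passed.
    """
    version = parse_version(banner)
    return version is None or version < minimum


def check_binary(path):
    """Run the executable at `path` (supplied by the caller) with -version."""
    out = subprocess.run([path, "-version"], capture_output=True,
                         text=True, timeout=10).stdout
    return parse_version(out), needs_upgrade(out)


# Constructed sample banners, not captured from a real installation.
SAMPLES = [
    "Version: ImageMagick 7.0.7-27 Q16 x64",   # release named in the message
    "Version: ImageMagick 7.0.8-56 Q16 x64",   # first release named as fixed
    "Version: ImageMagick 7.0.10-1 Q16 x64",   # newer, two-digit micro field
    "unexpected output",                        # unparseable
]

if __name__ == "__main__":
    for banner in SAMPLES:
        state = "UPGRADE" if needs_upgrade(banner) else "ok"
        print(f"{state:8} {parse_version(banner)}  <- {banner!r}")
```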