I'm sure there's buffer overflows in ImageMagick - probably lots of them - but y... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		0xbadcafebee on May 3, 2016 \| parent \| context \| favorite \| on: Remote code execution vulnerability in ImageMagick I'm sure there's buffer overflows in ImageMagick - probably lots of them - but yeah, you definitely don't need them. ImageMagick has been so buggy for so long, i'm pretty sure an accidentally corrupted image of a kitten sitting on a dog's head would gain root, dump your database and mail it to full-disclosure.

RachelF on May 3, 2016 [–]

Perhaps a silly question, but if address space layout randomization (ASLR) is enabled, should it no protect against buffer overflows?

0xbadcafebee on May 3, 2016 | [–]

It protects against trivial ones, but advanced buffer overflows can work around ASLR and other protections.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact