Re: An alternative to gdk-pixbuf

From: jcupitt gmail com
Cc: gtk-devel-list <gtk-devel-list gnome org>
Subject: Re: An alternative to gdk-pixbuf
Date: Tue, 11 Sep 2018 07:40:16 +0100

On Tue, 11 Sep 2018 at 03:11, Magnus Bergman
<magnus bergman snisurset net> wrote:

On Tue, 11 Sep 2018 00:07:27 +0200
Bastien Nocera <hadess hadess net> wrote:

No, it really isn't:
https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html

We want to have less CVEs, not more.


I see what you mean. A few of them (although none of the more serious
ones) were even related to the GIF loader specifically. But the sheer
volume kind of speaks for itself otherwise. :(


IM joined Google's OSS-Fuzz programme last year:

https://github.com/google/oss-fuzz

The huge surge in CVEs was caused by that --- they've been fixing one
or two a day ever since. Once they are through this very painful
process, IM ought to be rather safe.

I do agree though that it's a large and complex thing to use for such
a (relatively) simple task.

John

Follow-Ups:
- Re: An alternative to gdk-pixbuf
  - From: Bastien Nocera

References:
- An alternative to gdk-pixbuf
  - From: Magnus Bergman
- Re: An alternative to gdk-pixbuf
  - From: Emmanuele Bassi
- Re: An alternative to gdk-pixbuf
  - From: Magnus Bergman
- Re: An alternative to gdk-pixbuf
  - From: Emmanuele Bassi
- Re: An alternative to gdk-pixbuf
  - From: Bastien Nocera
- Re: An alternative to gdk-pixbuf
  - From: Magnus Bergman
- Re: An alternative to gdk-pixbuf
  - From: Bastien Nocera
- Re: An alternative to gdk-pixbuf
  - From: Magnus Bergman
- Re: An alternative to gdk-pixbuf
  - From: Bastien Nocera
- Re: An alternative to gdk-pixbuf
  - From: Magnus Bergman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]