Re: An alternative to gdk-pixbuf



On Tue, 2018-09-11 at 07:40 +0100, John Cupitt via gtk-devel-list wrote:
> On Tue, 11 Sep 2018 at 03:11, Magnus Bergman
> <magnus bergman snisurset net> wrote:
> > On Tue, 11 Sep 2018 00:07:27 +0200
> > Bastien Nocera <hadess hadess net> wrote:
> > > No, it really isn't:
> > >
> > > https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
> > >
> > > We want to have less CVEs, not more.
> >
> > I see what you mean. A few of them (although none of the more serious
> > ones) were even related to the GIF loader specifically. But the sheer
> > volume kind of speaks for itself otherwise. :(
>
> IM joined Google's OSS-Fuzz programme last year:
>
> https://github.com/google/oss-fuzz
>
> The huge surge in CVEs was caused by that --- they've been fixing one
> or two a day ever since. Once they are through this very painful
> process, IM ought to be rather safe.
>
> I do agree though that it's a large and complex thing to use for such
> a (relatively) simple task.

I maintained ImageMagick in RHEL a long time ago, it was already that
way, though security issues cropped up a bit less often than every day
(!). I don't see any reason for us to want to use it.


