-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ImageMagick-7.0.8-11]A hang in convert #1255
Comments
This is likely a Schrödinger's cat problem. In this case the observer is interfering with the observed. Try the command without ASN. The command should complete without complaint. We request a large memory allocation from the system and the system rejects it. ImageMagick gracefully handles the exception. Another solution is to add this to your security policy:
We then get:
|
This was assigned CVE-2018-15607. |
Thanks for your reply. |
Prerequisites
Description
I use the fuzz tool test the newest version of ImageMagick,and I found a crash that will cause the program hang(more than ten minutes),and the CPU and memory will be exhausted.Note that the poc only have 19 bytes.
Steps to Reproduce
Download the pod poc.zip
and just use
magick convert poc out
,and the program will hang,the CPU and memory will be exhausted.here is the information that ASan output:
System Configuration
Inter(R) Core(TM) i7-3770 CPU @ 3.40GHz
9.7G RAM
100G Disk
looking forward to hearing from you soon:)
The text was updated successfully, but these errors were encountered: