memory leak in ReadMNGImage #442
Assignees
Labels
Comments
dlemstra
added a commit
that referenced
this issue
Apr 27, 2017
dlemstra
added a commit
that referenced
this issue
Apr 27, 2017
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
|
This issue has been assigned CVE-2017-8345 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
on ImageMagick 7.0.5-5
The ReadMNGImage function in png.c:5402 allows attackers to cause a denial of service (memory leak) via a crafted file.
#identify $FILE
Direct leak of 20664 byte(s) in 1 object(s) allocated from:
#0 0x7f06b7672b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x720ada in ReadMNGImage coders/png.c:5402
#3 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#4 0x9e41a7 in ReadStream MagickCore/stream.c:1045
#5 0x7f1855 in PingImage MagickCore/constitute.c:226
#6 0x7f1e08 in PingImages MagickCore/constitute.c:327
#7 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
#8 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#9 0x40f839 in MagickMain utilities/magick.c:149
#10 0x40fa06 in main utilities/magick.c:180
#11 0x7f06b2981b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
20664 byte(s) leaked in 1 allocation(s).
testcase:https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadMNGImage-4.mng
Author: ADLab of Venustech
The text was updated successfully, but these errors were encountered: