You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ReadEPTImage function in ept.c:204 allows attackers to cause a denial of service (memory leak) via a crafted file.
#identify $FILE
Direct leak of 5740 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463 #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536 #3 0x752cc1 in ReadEPTImage coders/ept.c:204 #4 0x7f27a7 in ReadImage MagickCore/constitute.c:497 #5 0x9e41a7 in ReadStream MagickCore/stream.c:1045 #6 0x7f1855 in PingImage MagickCore/constitute.c:226 #7 0x7f1e08 in PingImages MagickCore/constitute.c:327 #8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319 #9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183 #10 0x40f839 in MagickMain utilities/magick.c:149 #11 0x40fa06 in main utilities/magick.c:180 #12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
Direct leak of 362 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463 #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536 #3 0x752d80 in ReadEPTImage coders/ept.c:210 #4 0x7f27a7 in ReadImage MagickCore/constitute.c:497 #5 0x9e41a7 in ReadStream MagickCore/stream.c:1045 #6 0x7f1855 in PingImage MagickCore/constitute.c:226 #7 0x7f1e08 in PingImages MagickCore/constitute.c:327 #8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319 #9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183 #10 0x40f839 in MagickMain utilities/magick.c:149 #11 0x40fa06 in main utilities/magick.c:180 #12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
on ImageMagick 7.0.5-5
The ReadEPTImage function in ept.c:204 allows attackers to cause a denial of service (memory leak) via a crafted file.
#identify $FILE
Direct leak of 5740 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752cc1 in ReadEPTImage coders/ept.c:204
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x9e41a7 in ReadStream MagickCore/stream.c:1045
#6 0x7f1855 in PingImage MagickCore/constitute.c:226
#7 0x7f1e08 in PingImages MagickCore/constitute.c:327
#8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
#9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#10 0x40f839 in MagickMain utilities/magick.c:149
#11 0x40fa06 in main utilities/magick.c:180
#12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
Direct leak of 362 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752d80 in ReadEPTImage coders/ept.c:210
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x9e41a7 in ReadStream MagickCore/stream.c:1045
#6 0x7f1855 in PingImage MagickCore/constitute.c:226
#7 0x7f1e08 in PingImages MagickCore/constitute.c:327
#8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
#9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#10 0x40f839 in MagickMain utilities/magick.c:149
#11 0x40fa06 in main utilities/magick.c:180
#12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
6102 byte(s) leaked in 2 allocation(s).
testcase:https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadEPTImage-14.ept
Author: ADLab of Venustech
The text was updated successfully, but these errors were encountered: