Summary
While fuzzing ImageMagick with AFL, we came across a heap overflow vulnerability that affects versions 7.1.1-4, 7.1.1-5 and 7.1.1-6.
Affected code: MagickCore/quantum-import.c:3544
PoC
- git clone https://github.com/ImageMagick/ImageMagick.git
- ./configure CC=afl-clang-fast CXX=afl-clang-fast++ --disable-shared
- AFL_USE_ASAN=1 make -j$(nproc)
- Run ./magick convert heapoverflow-poc /dev/null (or ./magick heapoverflow-poc /dev/null)
- The program will crash as shown below:
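The steps above can be wrapped in a small script that performs the same ASan-instrumented build, runs an input through it and extracts the bug class and the first ImageMagick source frame from the sanitizer report, which is the part of triage that usually has to be repeated across many fuzzer findings. This is an added example and is not code from the original report or from the ImageMagick project; it assumes afl-clang-fast is on PATH, that the PoC file path is passed as the first argument to run_poc, and the sample ASan report embedded below is constructed (its function names and addresses are placeholders, only the file and line come from the report above).

```shell
#!/usr/bin/env bash
# Added example, not part of the original report.
# Assumptions: afl-clang-fast/afl-clang-fast++ are installed, git and make are
# available, and the PoC file is supplied by the caller (it is not on the page).
set -u

# Build ImageMagick exactly as the report describes, with ASan instrumentation.
build_imagemagick_asan() {
  git clone https://github.com/ImageMagick/ImageMagick.git &&
    cd ImageMagick &&
    ./configure CC=afl-clang-fast CXX=afl-clang-fast++ --disable-shared &&
    AFL_USE_ASAN=1 make -j"$(nproc)"
}

# Run one input through the ASan build and keep the sanitizer report in a file.
# Returns the path of the captured report; the exit status of magick is ignored
# because a crash is the expected outcome for a true positive.
run_poc() {
  poc="$1"
  report="$(mktemp)"
  ASAN_OPTIONS="halt_on_error=1:detect_leaks=0" ./magick "$poc" /dev/null 2>"$report" || true
  echo "$report"
}

# Pull the bug class (e.g. heap-buffer-overflow) and the first MagickCore
# frame (file:line) out of an ASan report. Prints "no-sanitizer-report" and
# fails when the input contains no AddressSanitizer error at all, so callers
# can tell a clean run from a crash.
classify_asan_report() {
  file="$1"
  bug="$(sed -n 's/.*AddressSanitizer: \([a-z-]*\).*/\1/p' "$file" | head -n 1)"
  frame="$(grep -o 'MagickCore/[A-Za-z_./-]*\.c:[0-9]*' "$file" | head -n 1)"
  if [ -z "$bug" ]; then
    echo "no-sanitizer-report"
    return 1
  fi
  echo "$bug $frame"
}

# Constructed sample report for offline use: addresses and function names are
# placeholders; the file and line are the ones given in the report above.
write_sample_report() {
  f="$(mktemp)"
  cat >"$f" <<'EOF'
==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000091 at pc 0x0000deadbeef bp 0x7ffd00000000 sp 0x7ffd00000000
READ of size 1 at 0x602000000091 thread T0
    #0 0x0000deadbeef in IMPORT_FUNCTION_PLACEHOLDER MagickCore/quantum-import.c:3544:7
    #1 0x0000deadbeee in CALLER_PLACEHOLDER CALLER_PLACEHOLDER.c:1:1
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/quantum-import.c:3544:7 in IMPORT_FUNCTION_PLACEHOLDER
EOF
  echo "$f"
}

# Usage against a real build: build_imagemagick_asan && classify_asan_report "$(run_poc heapoverflow-poc)"
# Offline usage with the constructed sample:
#   classify_asan_report "$(write_sample_report)"
```

The classifier is deliberately loose about what precedes the `MagickCore/` path so that it works on reports from both static and shared builds; for a large fuzzing corpus, bucketing inputs by the printed `bug frame` pair is a quick way to see how many findings are this one crash site versus distinct issues.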