Skip to content

heap-buffer-overflow in 7.0.7-26 #1020

Closed
@netoico

Description

@netoico

root@vultr:/opt/poc# convert --version
Version: ImageMagick 7.0.7-26 Q16 x86_64 2018-03-05 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib djvu fftw fontconfig fpx freetype jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff webp wmf x xml zlib

root@vultr:/opt/poc# convert tif_heap-buffer-overflow dev/null
=================================================================
==13394==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c00000c97c at pc 0x7f856a3bc674 bp 0x7ffc3e5db890 sp 0x7ffc3e5db880
READ of size 4 at 0x60c00000c97c thread T0
    #0 0x7f856a3bc673 in ReadTIFFImage coders/tiff.c:2018
    #1 0x7f85697723e0 in ReadImage MagickCore/constitute.c:497
    #2 0x7f856977542a in ReadImages MagickCore/constitute.c:867
    #3 0x7f8568e3e49f in ConvertImageCommand MagickWand/convert.c:641
    #4 0x7f856900897d in MagickCommandGenesis MagickWand/mogrify.c:183
    #5 0x4020d9 in MagickMain utilities/magick.c:149
    #6 0x7f856872082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x401668 in _start (/usr/local/bin/magick+0x401668)

0x60c00000c97c is located 108 bytes inside of 4294967295-byte region [0x60c00000c910,0x60c10000c90f)
==13394==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_report.cc:515 "((chunk.AllocTid() != kInvalidTid)) != (0)" (0x0, 0x0)
    #0 0x7f856aa6d631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f856aa725e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f856aa6a60c  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9d60c)
    #3 0x7f856aa6c624 in __asan_report_error (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9f624)
    #4 0x7f856aa6dbb2 in __asan_report_load4 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0bb2)
    #5 0x7f856a3bc673 in ReadTIFFImage coders/tiff.c:2018
    #6 0x7f85697723e0 in ReadImage MagickCore/constitute.c:497
    #7 0x7f856977542a in ReadImages MagickCore/constitute.c:867
    #8 0x7f8568e3e49f in ConvertImageCommand MagickWand/convert.c:641
    #9 0x7f856900897d in MagickCommandGenesis MagickWand/mogrify.c:183
    #10 0x4020d9 in MagickMain utilities/magick.c:149
    #11 0x7f856872082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x401668 in _start (/usr/local/bin/magick+0x401668)

root@vultr:/opt/poc# 

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.3 LTS
Release:	16.04
Codename:	xenial

https://github.com/ImageMagick/ImageMagick/files/1806047/tif_heap-buffer-overflow.zip

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions