Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WriteBlob assertion failed #1119

Closed
3 tasks done
schumilo opened this issue May 1, 2018 · 2 comments
Closed
3 tasks done

WriteBlob assertion failed #1119

schumilo opened this issue May 1, 2018 · 2 comments
Labels
bug

Comments

@schumilo
Copy link

schumilo commented May 1, 2018

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

Assertion fail in MagickCore/blob.c:5396: WriteBlob.

lt-magick: MagickCore/blob.c:5396: WriteBlob: Assertion `image != (Image *) NULL' failed.
Aborted (core dumped)

Found with a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL).

Credits: Sergej Schumilo, Cornelius Aschermann (Ruhr-Universität Bochum)

Steps to Reproduce

./magick assert_1 /dev/null

assert_1.zip

System Configuration

  • ImageMagick version: ImageMagick 7.0.7-29 Q16 x86_64 2018-04-30
  • Environment (Operating system, version and so on): Ubuntu 16.04.4 LTS
  • Additional information:
urban-warrior pushed a commit that referenced this issue May 1, 2018
https://github.com/ImageMagick/ImageMagick/issues/1119
3fd58ce
urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue May 1, 2018
https://github.com/ImageMagick/ImageMagick/issues/1119
1007b98
@urban-warrior
Copy link
Member

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra closed this as completed May 3, 2018
@dlemstra dlemstra added the bug label May 3, 2018
@nohmask
Copy link

nohmask commented Sep 11, 2018

This was assigned CVE-2018-16749.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
4 participants
@schumilo @dlemstra @nohmask @urban-warrior