-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
heap-buffer-overflow in MagickCore #1156
Labels
Comments
urban-warrior
pushed a commit
that referenced
this issue
May 30, 2018
urban-warrior
pushed a commit
to ImageMagick/ImageMagick6
that referenced
this issue
May 30, 2018
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow. |
This was assigned CVE-2018-11625. |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jun 3, 2018
2018-06-02 7.0.7-38 Cristy <quetzlzacatenango@image...> Release ImageMagick version 7.0.7-38, GIT revision 14409:01e395a73:20180602. 2018-05-30 7.0.7-38 <quetzlzacatenango@image...> Heap buffer overflow fix (reference ImageMagick/ImageMagick#1156). Boundary issues with -gamma option when HDRI is enabled (reference ImageMagick/ImageMagick#1151). Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts (credit to OSS Fuzz).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prerequisites
Description
Version: ImageMagick 7.0.7-37 Q16 x86_64 2018-05-30
It will cause heap overflow when convert the POC to other formats(gif,magick,map,pnm,sun,xpm)
Steps to Reproduce
POC
poc.zip
System Configuration
Credit:
Zongming Wang from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.
The text was updated successfully, but these errors were encountered: