Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A null pointer dereferene in ImageMagick/MagickCore/log.c #1224

Closed
boo0m opened this issue Jul 23, 2018 · 2 comments
Closed

A null pointer dereferene in ImageMagick/MagickCore/log.c #1224

boo0m opened this issue Jul 23, 2018 · 2 comments
Labels

Comments

@boo0m
Copy link

boo0m commented Jul 23, 2018

Prerequisites

  • [Y] I have written a descriptive issue title
  • [Y] I have verified that I am using the latest version of ImageMagick
  • [Y] I have searched open and closed issues to ensure it has not already been reported

Description

In ImageMagick/MagickCore/log.c:675, we can see a function GetNextValueInLinkedList().
p=(LogInfo *) GetNextValueInLinkedList(log_cache);, then the code use p->event_mask in the line 676 but don't check the point p. In the function GetNextValueInLinkedList(), it will return NULL point if list_info->next == (ElementInfo *) NULL.
In ImageMagick/MagickCore/coder.c:350, we can see the code check the value of option, but in ImageMagick/MagickCore/log.c, we don't have this check.

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Jul 23, 2018
@urban-warrior
Copy link
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jul 24, 2018
@nohmask
Copy link

nohmask commented Sep 3, 2018

This was assigned CVE-2018-16328.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

4 participants