heap-buffer-overflow bug in MagickCore/quantum-private.h: #1249
Comments
Unfortunately we cannot reproduce this problem. We use valgrind and it does not return any memory corruption. The corrupt resource block requests a huge block of data but we have a check to see it exceeds the buffer extent and we gracefully exit. We're using the latest ImageMagick Github repo under Ubuntu 18.04.1.
I have tried using ASan on 64-bit machines and can't reproduce this problem, but using ASan on 32-bit machines does show this problem. You can try to see what happens on 32-bit.
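An added C illustration, not ImageMagick's code and not a statement of this issue's root cause (the thread does not say what it was): the maintainer describes a check that a requested block does not exceed the buffer extent, and the reporter sees the problem only on 32-bit builds. One way a check of that shape can pass on one word size and fail on the other is when it forms `offset + length` in the header's integer width, where the sum can wrap. The helpers below (`in_extent_naive32`, `in_extent_naive64`, `in_extent_safe`, `read_block`) are hypothetical names; the blob contents are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory file: `extent` is the number of bytes that are
 * actually available to read. Constructed for this illustration. */
typedef struct {
    const unsigned char *data;
    size_t extent;
} blob_t;

/* Naive extent check in 32-bit arithmetic: offset + length can wrap past
 * zero and then compare as "small enough" against the extent. */
bool in_extent_naive32(uint32_t offset, uint32_t length, uint32_t extent) {
    uint32_t end = offset + length;   /* may wrap on overflow */
    return end <= extent;
}

/* The same check in 64-bit arithmetic: the same header values that wrap at
 * 32 bits do not wrap here, so the block is correctly rejected. */
bool in_extent_naive64(uint64_t offset, uint64_t length, uint64_t extent) {
    uint64_t end = offset + length;
    return end <= extent;
}

/* Wrap-safe check that behaves identically on any word size: it never
 * forms offset + length, only a subtraction that cannot go below zero. */
bool in_extent_safe(size_t offset, size_t length, size_t extent) {
    if (offset > extent)
        return false;
    return length <= extent - offset;
}

/* Copy a declared block out of the blob into `out`. Returns the number of
 * bytes copied, or 0 when the declared block is rejected. */
size_t read_block(const blob_t *blob, size_t offset, size_t length,
                  unsigned char *out, size_t out_cap) {
    if (!in_extent_safe(offset, length, blob->extent) || length > out_cap)
        return 0;
    memcpy(out, blob->data + offset, length);
    return length;
}

int main(void) {
    /* Constructed header values: a 16-byte offset plus a length chosen so
     * the 32-bit sum is exactly 2^32 and wraps to 0. */
    uint32_t offset = 16u, length = 0xFFFFFFF0u, extent = 1024u;

    printf("naive 32-bit check accepts block: %s\n",
           in_extent_naive32(offset, length, extent) ? "yes" : "no");
    printf("naive 64-bit check accepts block: %s\n",
           in_extent_naive64(offset, length, extent) ? "yes" : "no");
    printf("wrap-safe check accepts block:    %s\n",
           in_extent_safe(offset, length, extent) ? "yes" : "no");

    /* A well-formed request against a constructed 32-byte blob. */
    unsigned char raw[32];
    for (size_t i = 0; i < sizeof raw; i++)
        raw[i] = (unsigned char)i;
    blob_t blob = { raw, sizeof raw };
    unsigned char out[16];
    size_t n = read_block(&blob, 4, 8, out, sizeof out);
    printf("read_block copied %zu bytes, first byte %u\n", n, out[0]);
    return 0;
}
```

The naive 32-bit check accepts the oversized block while the 64-bit variant and the wrap-safe check reject it, which is the kind of build-dependent behaviour worth ruling out when a report reproduces only under one word size; ASan on a 32-bit build is the practical way to surface it, as the reporter did.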
Unfortunately we do not have access to any 32-bit machines. We'll see if we can find a free service somewhere where we can utilize a 32-bit OS and try to reproduce the problem.
Thank you, please try to use an Ubuntu 14.04 32-bit machine to reproduce; I will try to test on an Ubuntu 16.04 32-bit machine. And I have two other heap overflow samples that have not been submitted; I hope you can try to run them on 32-bit.
Oh, I can successfully reproduce this problem on the Ubuntu 16.04 32-bit machine. I hope you can give it a try.
Using Ubuntu 16.04.5 (32-bit), the source from the Github trunk, and valgrind, once again we cannot reproduce the problem. Valgrind is not reporting any memory corruption; we do get an "improper header" exception as expected. Post your configure command-line and any env variables you set. We'll try reproducing your IM build and see if that tickles the bug.
I did not set any extra ENV; I just used gcc ASan.
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.
Good friend, I will submit two other heap overflow samples; sorry, my three holes were all tested in the same environment. If you want to reproduce the problem, please test it in the current environment.
This was assigned CVE-2018-16413.
Any IM6 fix?
The link to the IM6 commit is below the first message of the issue.
PoC not found under Steps to Reproduce
Prerequisites
Description
I used fuzz technology to fuzz ImageMagick and found a heap overflow bug.
Steps to Reproduce
./magick convert $POC /dev/null
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-11 Q16 i686 2018-08-16 https://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: https://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in):
Environment (Operating system, version and so on):
Ubuntu 14.04 LTS x86 arch
$ uname -a
Linux ubuntu 4.4.0-31-generic #50~14.04.1-Ubuntu SMP Wed Jul 13 01:06:37 UTC 2016 i686 i686 i686 GNU/Linux
May I know whether this can be assigned with a CVE ID?