heap-buffer-overflow bug in ParseImageResourceBlocks coders/psd.c:831 #1250
Comments
Did you try the POC against the latest Github trunk? We did and could not reproduce the heap overflow.
Okay, thanks.
This was assigned CVE-2018-16412.
@nohmask Why is something that we cannot reproduce assigned with a CVE?
@dlemstra I’m afraid I don’t know. This issue is stated in CVE References.
@nohmask I always thought that you requested the CVEs and reported that here.
@dlemstra I am only checking ImageMagick CVEs. The request is done by another person.
I cannot reproduce either. Tried on 32-bit and 64-bit machines.
I was actually able to reproduce on version 7.0.8-10 and not 7.0.8-11.
I was also able to confirm that 7.0.8-10 exhibits the behavior while 7.0.8-11 does not. This was done on Debian unstable. I was able to confirm that the specific commit which fixes the problem is 17a1a6f (for IM6 it is ImageMagick/ImageMagick6@4745eb1). Here is the ASAN output for 9d750c2 (the first ancestor of 17a1a6f):
Here is the output of ASAN for 17a1a6f:
As an additional note, this only happens on 32-bit x86. The first time I tried to reproduce following the OP's report I missed the "i686" in the IM version banner and I tried to reproduce in a 64-bit environment.
PoC not found under Steps to Reproduce
Prerequisites
Description
I used fuzz technology to fuzz ImageMagick and found a heap-overflow bug.
Steps to Reproduce
./magick convert $POC /dev/null
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-11 Q16 i686 2018-08-16 https://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: https://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in):
Environment (Operating system, version and so on):
Ubuntu 16.04 LTS x86 arch
abc@ubuntu:/Desktop/ImageMagick$ uname -a
Linux ubuntu 4.13.0-36-generic #4016.04.1-Ubuntu SMP Fri Feb 16 23:26:51 UTC 2018 i686 i686 i686 GNU/Linux
May I know whether this can be assigned with a CVE ID?