=================================================================
==9914==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5203595 at pc 0x829fe4b bp 0xbff59328 sp 0xbff5931c
READ of size 1 at 0xb5203595 thread T0
#0 0x829fe4a in PushShortPixel MagickCore/quantum-private.h:276
#1 0x82a3622 in ParseImageResourceBlocks coders/psd.c:818
#2 0x82abdd7 in ReadPSDImage coders/psd.c:2268
#3 0x83dc706 in ReadImage MagickCore/constitute.c:542
#4 0x83ded61 in ReadImages MagickCore/constitute.c:911
#5 0x868c38a in ConvertImageCommand MagickWand/convert.c:643
#6 0x875c181 in MagickCommandGenesis MagickWand/mogrify.c:184
#7 0x804b69f in MagickMain utilities/magick.c:149
#8 0x804b8d5 in main utilities/magick.c:180
#9 0xb6f86af2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19af2)
#10 0x804b130 (/home/afl/ImageMagick/utilities/magick+0x804b130)
0xb5203595 is located 0 bytes to the right of 21-byte region [0xb5203580,0xb5203595)
allocated by thread T0 here:
#0 0xb721d88a in __interceptor_malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e88a)
#1 0x8082e98 in AcquireMagickMemory MagickCore/memory.c:468
#2 0x8082edb in AcquireQuantumMemory MagickCore/memory.c:541
#3 0x82abc2e in ReadPSDImage coders/psd.c:2257
#4 0x83dc706 in ReadImage MagickCore/constitute.c:542
#5 0x83ded61 in ReadImages MagickCore/constitute.c:911
#6 0x868c38a in ConvertImageCommand MagickWand/convert.c:643
#7 0x875c181 in MagickCommandGenesis MagickWand/mogrify.c:184
#8 0x804b69f in MagickMain utilities/magick.c:149
#9 0x804b8d5 in main utilities/magick.c:180
#10 0xb6f86af2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19af2)
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/quantum-private.h:276 PushShortPixel
Shadow bytes around the buggy address:
0x36a40660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36a40670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36a40680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36a40690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36a406a0: fa fa fa fa 00 00 01 fa fa fa 00 00 04 fa fa fa
=>0x36a406b0: 00 00[05]fa fa fa fd fd fd fd fa fa fd fd fd fd
0x36a406c0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
0x36a406d0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x36a406e0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
0x36a406f0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
0x36a40700: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==9914==ABORTING
Prerequisites
Description
I used fuzzing technology to fuzz ImageMagick and found a heap overflow bug.
Steps to Reproduce
./magick convert $POC /dev/null
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-11 Q16 i686 2018-08-16 https://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: https://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in):
Environment (Operating system, version and so on):
Ubuntu 16.04 LTS x86 arch
abc@ubuntu:/Desktop/ImageMagick$ uname -a
Linux ubuntu 4.13.0-36-generic #4016.04.1-Ubuntu SMP Fri Feb 16 23:26:51 UTC 2018 i686 i686 i686 GNU/Linux
May I know whether this can be assigned a CVE ID?
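The trace above records a 1-byte read just past the end of a 21-byte heap allocation while PushShortPixel is called from ParseImageResourceBlocks, i.e. a resource-block walker that did not confirm enough bytes remained before reading a field. As an added illustration (not ImageMagick's own code), here is a minimal walker over PSD "8BIM" image resource blocks that length-checks every field before reading it, so a section truncated at 21 bytes is rejected rather than read past; the block layout follows Adobe's PSD format, and the sample bytes and resource IDs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read an n-byte big-endian integer, refusing to run past the buffer end. */
static int read_be(const uint8_t *p, size_t len, size_t *off, size_t n, uint32_t *out) {
    uint32_t v = 0;
    if (len - *off < n) return 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[*off + i];
    *off += n;
    *out = v;
    return 1;
}
/* Walk PSD image resource blocks ("8BIM", u16 id, Pascal name padded to even,
 * u32 size, data padded to even), length-checking every field before reading
 * it.  Returns the number of complete blocks, or -1 if the section ends in the
 * middle of a block, instead of reading past the end of the buffer. */
int count_resource_blocks(const uint8_t *blocks, size_t length) {
    size_t off = 0;
    int count = 0;
    while (off < length) {
        uint32_t id, size;
        size_t name_bytes;
        if (length - off < 4 || memcmp(blocks + off, "8BIM", 4) != 0) return -1;
        off += 4;
        if (!read_be(blocks, length, &off, 2, &id)) return -1;
        if (length - off < 1) return -1;
        name_bytes = (size_t)blocks[off] + 1;   /* length byte plus name */
        if (name_bytes & 1) name_bytes++;       /* padded to an even length */
        if (length - off < name_bytes) return -1;
        off += name_bytes;
        if (!read_be(blocks, length, &off, 4, &size)) return -1;
        if (length - off < size) return -1;     /* data truncated: stop, do not read on */
        off += size;
        if ((size & 1) && off < length) off++;  /* skip the pad byte if present */
        count++;
    }
    return count;
}
/* Constructed samples: two well-formed blocks, and a section cut to 21 bytes
 * whose size field promises 16 data bytes but only 9 follow. */
int demo_valid(void) {
    static const uint8_t s[32] = { '8','B','I','M', 0x04,0x00, 0,0, 0,0,0,4, 1,2,3,4,
                                   '8','B','I','M', 0x04,0x01, 0,0, 0,0,0,4, 5,6,7,8 };
    return count_resource_blocks(s, sizeof s);  /* 2 */
}
int demo_truncated(void) {
    static const uint8_t s[21] = { '8','B','I','M', 0x04,0x00, 0,0, 0,0,0,16, 1,2,3,4,5,6,7,8,9 };
    return count_resource_blocks(s, sizeof s);  /* -1 */
}
```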