New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
heap-buffer-overflow bug in PushShortPixel MagickCore/quantum-private.h:276 #1251
Closed
3 tasks done
Comments
|
I have updated your post because you are linking unrelated issues. Please put the trace in a code block (```) next time. |
|
Did you try the POC against the latest Github trunk? We did and could not reproduce the heap overflow. |
|
okay,Thanks |
|
This was assigned CVE-2018-16413. |
|
Additional info: #1250 (comment) |
|
PoC not found under Steps to Reproduce |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prerequisites
Description
I used fuzz technology to fuzz the imagemagick and found a heap overflow bug.
Steps to Reproduce
./magick convert $POC /dev/nullSystem Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-11 Q16 i686 2018-08-16 https://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: https://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in):
Environment (Operating system, version and so on):
Ubuntu 16.04 LTS x86 arch
abc@ubuntu:/Desktop/ImageMagick$ uname -a
Linux ubuntu 4.13.0-36-generic #4016.04.1-Ubuntu SMP Fri Feb 16 23:26:51 UTC 2018 i686 i686 i686 GNU/Linux
May I know whether this can be assigned with a CVE ID?
The text was updated successfully, but these errors were encountered: