New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Out-of-boundary in function LocaleLowercase of MagickCore/locale.c #1495
Comments
urban-warrior
pushed a commit
to ImageMagick/ImageMagick6
that referenced
this issue
Mar 5, 2019
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow. The IMv7 patch is 07eebcd. |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Mar 20, 2019
2019-03-11 7.0.8-34 Cristy <quetzlzacatenango@image...>
* Associate one lock with each resource.
* Report exception if opening TIFF did not work out.
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
2019-03-10 7.0.8-33 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-33, GIT revision 15401:c805e3205:20190310
2019-03-06 7.0.8-33 Cristy <quetzlzacatenango@image...>
* Fix SVG conversion infinite loop (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=35591).
* Initialize primitive drawing structure after resizing.
2019-03-05 7.0.8-32 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-32, GIT revision 15386:58d9c4692:20190305
2019-03-05 7.0.8-32 Cristy <quetzlzacatenango@image...>
* Fix out-of-boundary LocaleLowerCase() @
ImageMagick/ImageMagick#1495
2019-03-04 7.0.8-31 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-31, GIT revision 15381:3122a669d:20190304
2019-03-04 7.0.8-31 Cristy <quetzlzacatenango@image...>
* -trim is no longer sensitive to the image virtual canvas.
2019-03-03 7.0.8-30 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-30, GIT revision 15376:16d2b4e6a:20190303
2019-03-03 7.0.8-30 Cristy <quetzlzacatenango@image...>
* Support define to remove additional background from an image during a
trim, e.g. -fuzz 5% -define trim:percent-background=0% -trim.
|
This was assigned CVE-2019-10714. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prerequisites
Description
The parameter
cmissing check in function LocaleLowercase, which may lead to out-of-boundary vulnerability.Steps to Reproduce
https://github.com/Dk0n9/MyFuzzy/blob/master/oob_LocaleLowercase_crash
magick convert oob_LocaleLowercase_crash /dev/nullIn the gdb:
System Configuration
Credit: dk from Chaitin Tech
The text was updated successfully, but these errors were encountered: