Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When using identify -verbose $FILE on XWD files, it may emit FPE errors at multiple locations.
identify -verbose $FILE
fpe_xwd.c:490_1.xwd
ASAN:DEADLYSIGNAL ================================================================= ==19029==ERROR: AddressSanitizer: FPE on unknown address 0x7f0623a03210 (pc 0x7f0623a03210 bp 0x000000000000 sp 0x7ffc86dbd220 T0) #0 0x7f0623a0320f (/usr/lib/x86_64-linux-gnu/libX11.so.6+0x2720f) #1 0x7f0627deb295 in ReadXWDImage coders/xwd.c:490 #2 0x7f06276d4854 in ReadImage MagickCore/constitute.c:547 #3 0x7f06276d778b in ReadImages MagickCore/constitute.c:917 #4 0x7f0626f69817 in IdentifyImageCommand MagickWand/identify.c:321 #5 0x7f0626ffdde0 in MagickCommandGenesis MagickWand/mogrify.c:184 #6 0x55c1ef27bf00 in MagickMain utilities/magick.c:149 #7 0x55c1ef27c186 in main utilities/magick.c:180 #8 0x7f062675ab96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #9 0x55c1ef27b979 in _start (/home/hongxu/work/imagemagick/ImageMagick-asan/install/bin/magick+0x1979)
fpe_xwd.c:520_1.xwd
ASAN:DEADLYSIGNAL ================================================================= ==28450==ERROR: AddressSanitizer: FPE on unknown address 0x7f20a562e210 (pc 0x7f20a562e210 bp 0x000000000000 sp 0x7ffd19f36b80 T0) #0 0x7f20a562e20f (/usr/lib/x86_64-linux-gnu/libX11.so.6+0x2720f) #1 0x7f20a9a166c9 in ReadXWDImage coders/xwd.c:520 #2 0x7f20a92ff854 in ReadImage MagickCore/constitute.c:547 #3 0x7f20a930278b in ReadImages MagickCore/constitute.c:917 #4 0x7f20a8b94817 in IdentifyImageCommand MagickWand/identify.c:321 #5 0x7f20a8c28de0 in MagickCommandGenesis MagickWand/mogrify.c:184 #6 0x55b4ed9adf00 in MagickMain utilities/magick.c:149 #7 0x55b4ed9ae186 in main utilities/magick.c:180 #8 0x7f20a8385b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #9 0x55b4ed9ad979 in _start (/home/hongxu/work/imagemagick/ImageMagick-asan/install/bin/magick+0x1979)
POCs: im.zip
The text was updated successfully, but these errors were encountered:
https://github.com/ImageMagick/ImageMagick/issues/1546
ab3e2be
f663dfb
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.
Sorry, something went wrong.
This was assigned CVE-2019-11472.
No branches or pull requests
Prerequisites
Description
When using
identify -verbose $FILEon XWD files, it may emit FPE errors at multiple locations.Steps to Reproduce
identify -verbose $FILEfpe_xwd.c:490_1.xwd
fpe_xwd.c:520_1.xwd
System Configuration
POCs:
im.zip
The text was updated successfully, but these errors were encountered: