memory leaks in AcquireMagickMemory of MagickCore/memory.c #1585
Comments
When I followed this comment (with the option --disable-openmp), I got a similar result with this command. run cmd: ASAN result. This bug exists when compiled with the --disable-openmp option. Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-16 https://imagemagick.org

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@urban-warrior How can I get a CVE for bugs I've reported?

This was assigned CVE-2019-13301.

Which commits fix this CVE? |
Prerequisites
Description
There is a heap buffer overflow/heap-use-after-free vulnerability in MagickCore/resize.c:2823:28 in .omp_outlined.debug_.72 with the same input.
And also memory leaks in AcquireMagickMemory of MagickCore/memory.c:478:10
This still exists #1558
It sometimes doesn't occur, so it needs to be executed several times.
I found that this bug was not reproduced but it is reproduced with certain arguments. #1500
Steps to Reproduce
run cmd:
magick "-black-point-compensation" "-weight" "63" "(" "magick:logo" "-normalize" "-resize" "892%-38-49" ")" "(" "magick:wizard" "-preview" "Spiff" "-solarize" "35%" "-cycle" "813" ")" "(" "magick:granite" "-preview" "Blur" "-draw" ""rotate" "205"" "-colors" "109" ")" "-crop" "333x497" "-print" ""
This is about the heap-buffer-overflow.
And this is about heap-use-after-free.
About memory leaks in AcquireMagickMemory of MagickCore/memory.c:478:10
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-10
Environment (Operating system, version and so on):
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Additional information: CC=clang-7 CXX=clang++-7
(heap-buffer-overflow/heap-use-after-free are triggered when compiled with option '--disable-shared')
(memory leak is triggered when compiled without option '--disable-shared')