heap-buffer-overflow in MagickCore/fourier.c #1588
Comments
|
I am not sure what you are trying to do, but -complex requires FFT input. I do not see either -fft or +fft in your command line. |
@fmw42 |
SuhwanSong
changed the title
|
I followed this comment, and I found this bug still exists with --disable-openmp option. I ran the same command I've reported in this issue, and I got the similar log from ASAN. and I also found a command to trigger similar bug in the program run cmd: Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-16 https://imagemagick.org |
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
urban-warrior
pushed a commit
that referenced
this issue
Jun 16, 2019
urban-warrior
pushed a commit
to ImageMagick/ImageMagick6
that referenced
this issue
Jun 16, 2019
|
@urban-warrior
|
|
We cannot reproduce the heap buffer overflow with the latest ImageMagick source from the trunk. |
|
This was assigned CVE-2019-13391. |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jul 19, 2019
This update contains a number of security fixes.
2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.
2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference
ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference
ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference
ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define
magnify:method=method, choose from these methods: eagle2X, eagle3X,
eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).
2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.
2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference
ImageMagick/ImageMagick#1621).
2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.
2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.
2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623
2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference
ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference
ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference
https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference
https://github.com/ImageMagick/ImageMagick/issues).
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jul 23, 2019
graphics/ImageMagick: security fix
Revisions pulled up:
- graphics/ImageMagick/Makefile.common 1.191
- graphics/ImageMagick/distinfo 1.208
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 19 09:12:13 UTC 2019
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
Log Message:
ImageMagick: Update to 7.0.8-54
This update contains a number of security fixes.
2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.
2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference
ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference
ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference
ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define
magnify:method=method, choose from these methods: eagle2X, eagle3X,
eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).
2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.
2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference
ImageMagick/ImageMagick#1621).
2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.
2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.
2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623
2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference
ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference
ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference
https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference
https://github.com/ImageMagick/ImageMagick/issues).
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jan 14, 2020
graphics/ImageMagick: security fix
Revisions pulled up:
- graphics/ImageMagick/Makefile.common 1.191
- graphics/ImageMagick/distinfo 1.208
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 19 09:12:13 UTC 2019
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
Log Message:
ImageMagick: Update to 7.0.8-54
This update contains a number of security fixes.
2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.
2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference
ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference
ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference
ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define
magnify:method=method, choose from these methods: eagle2X, eagle3X,
eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).
2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.
2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference
ImageMagick/ImageMagick#1621).
2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.
2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.
2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623
2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference
ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference
ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference
https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference
https://github.com/ImageMagick/ImageMagick/issues).
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
May 27, 2020
graphics/ImageMagick: security fix
Revisions pulled up:
- graphics/ImageMagick/Makefile.common 1.191
- graphics/ImageMagick/distinfo 1.208
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 19 09:12:13 UTC 2019
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
Log Message:
ImageMagick: Update to 7.0.8-54
This update contains a number of security fixes.
2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.
2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference
ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference
ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference
ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define
magnify:method=method, choose from these methods: eagle2X, eagle3X,
eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).
2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.
2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference
ImageMagick/ImageMagick#1621).
2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.
2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.
2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623
2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference
ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference
ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference
https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference
https://github.com/ImageMagick/ImageMagick/issues).
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Oct 14, 2021
graphics/ImageMagick: security fix
Revisions pulled up:
- graphics/ImageMagick/Makefile.common 1.191
- graphics/ImageMagick/distinfo 1.208
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 19 09:12:13 UTC 2019
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
Log Message:
ImageMagick: Update to 7.0.8-54
This update contains a number of security fixes.
2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.
2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference
ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference
ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference
ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define
magnify:method=method, choose from these methods: eagle2X, eagle3X,
eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).
2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.
2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference
ImageMagick/ImageMagick#1621).
2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.
2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.
2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623
2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference
ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference
ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference
https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference
https://github.com/ImageMagick/ImageMagick/issues).
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jan 18, 2023
graphics/ImageMagick: security fix
Revisions pulled up:
- graphics/ImageMagick/Makefile.common 1.191
- graphics/ImageMagick/distinfo 1.208
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 19 09:12:13 UTC 2019
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
Log Message:
ImageMagick: Update to 7.0.8-54
This update contains a number of security fixes.
2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.
2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference
ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference
ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference
ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define
magnify:method=method, choose from these methods: eagle2X, eagle3X,
eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.
2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).
2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.
2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference
ImageMagick/ImageMagick#1621).
2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.
2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.
2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623
2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference
ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference
ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference
https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference
https://github.com/ImageMagick/ImageMagick/issues).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prerequisites
Description
There is a heap buffer overflow in MagickCore/fourier.c:314:19 in .omp_outlined.debug_
Heap buffer overflow sometimes occur. To trigger this bug, please run the command for several times.
Steps to Reproduce
run cmd:
magick "-seed" "0" "-black-point-compensation" "-fuzz" "238" "(" "magick:logo" "-normalize" "-cycle" "615" ")" "(" "magick:rose" "-gaussian-blur" "4" ")" "(" "magick:granite" "-convolve" "207,117,126,202,52,59,196,21,46,216,32,49,172,14,116,115,203,20,219,21,194,58,155,117,148,208,229,218,151,151,171,239,212,207,77,212,81,32,23,137,63,164,67,85,47,13,85,96,85,86,244,168,218,41,98,108,208,221,77,5,45,117,102,5,89,150,47,36,214,0,20,255,14,83,77,191,109,40,32,245,112" ")" "-strokewidth" "58" "-complex" "subtract" "-layers" "compare-overlay" ""ASAN log about heap buffer over-flow.
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-10
Environment (Operating system, version and so on):
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Additional information: CC=clang-7 CXX=clang++-7
The text was updated successfully, but these errors were encountered: