heap-buffer-overflow in MagickCore/fourier.c #1588
Comments
I am not sure what you are trying to do, but -complex requires FFT input. I do not see either -fft or +fft in your command line.
@fmw42
I followed this comment, and I found this bug still exists with the --disable-openmp option. I ran the same command I reported in this issue, and I got a similar log from ASAN.
I also found a command to trigger a similar bug in the program.
run cmd:
Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-16 https://imagemagick.org
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.
@urban-warrior
We cannot reproduce the heap buffer overflow with the latest ImageMagick source from the trunk.
This was assigned CVE-2019-13391.
This update contains a number of security fixes.

2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.

2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.

2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.

2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).

2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.

2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621).

2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.

2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.

2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623

2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
graphics/ImageMagick: security fix

Revisions pulled up:
- graphics/ImageMagick/Makefile.common 1.191
- graphics/ImageMagick/distinfo 1.208

---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 19 09:12:13 UTC 2019

Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo

Log Message:
ImageMagick: Update to 7.0.8-54

This update contains a number of security fixes.

2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716.

2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...>
* resolve division by zero (reference ImageMagick/ImageMagick#1629).
* introducing MagickLevelImageColors() MagickWand method.
* Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633).
* Support TIM2 image format (reference ImageMagick/ImageMagick#1571).
* For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X.

2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705.

2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...>
* Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314).

2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705.

2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...>
* Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621).

2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630.

2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...>
* Clone rather than copy X window name/icon.
* Optimize PDF reader.

2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623

2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org>
* Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391).
* Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588).
* Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3).
* Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
Prerequisites
Description
There is a heap buffer overflow in MagickCore/fourier.c:314:19 in .omp_outlined.debug_
A heap buffer overflow sometimes occurs. To trigger this bug, please run the command several times.
Steps to Reproduce
run cmd:
magick "-seed" "0" "-black-point-compensation" "-fuzz" "238" "(" "magick:logo" "-normalize" "-cycle" "615" ")" "(" "magick:rose" "-gaussian-blur" "4" ")" "(" "magick:granite" "-convolve" "207,117,126,202,52,59,196,21,46,216,32,49,172,14,116,115,203,20,219,21,194,58,155,117,148,208,229,218,151,151,171,239,212,207,77,212,81,32,23,137,63,164,67,85,47,13,85,96,85,86,244,168,218,41,98,108,208,221,77,5,45,117,102,5,89,150,47,36,214,0,20,255,14,83,77,191,109,40,32,245,112" ")" "-strokewidth" "58" "-complex" "subtract" "-layers" "compare-overlay" ""
ASAN log about heap buffer overflow.
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-10
Environment (Operating system, version and so on):
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Additional information: CC=clang-7 CXX=clang++-7