heap-use-after-free in MagickCore/resize.c and double-free in RelinquishAlignedMemory of MagickCore/memory.c #1589
Comments
The issues that you have reported all seem to be related to omp. Maybe you could try upgrading that library to determine if that fixes the issue? I am really wondering if this is an ImageMagick issue.

@dlemstra

Build ImageMagick as follows: Does that resolve the problem?

@urban-warrior

Can you check your magick-command-line? We're trying to reproduce the problem you reported but a copy/paste of your command returns an exception.

@urban-warrior Is every issue I've reported impossible to produce memory bugs? exception:

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

This was assigned CVE-2019-13301.

Hello, NVD says 7.0.8-50 is the vulnerable version but it seems like 7.0.8-50 is already patched and contains the commit. Can you please clarify what the fixed version is and what the vulnerable versions are? Thanks.

This was fixed in

Yeah what they're doing is looking at the researcher's "ImageMagick Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-10" and just plugging in 7.0.8-50, rather than verifying the current release.
Prerequisites
Description
There is a heap-use-after-free (sometimes heap-buffer-overflow) vulnerability in MagickCore/resize.c:2604:28 in .omp_outlined.debug_.69 and a double-free bug in RelinquishAlignedMemory MagickCore/memory.c:1037:3 with the same input.
For each run, different bugs are triggered, so please run the command several times.
related: #1344
Steps to Reproduce
run cmd:
magick -seed 0 -black-point-compensation -units Undefined "(" magick:granite -opaque "rgb(224,28,104)" -gaussian-blur 2 -strip ")" "(" magick:rose -black-threshold 15 -preview Despeckle ")" -density 3x83 -stretch ExtraCondensed -copy "937x560ls" "-52-59" ""
This is about Heap-use-after-free in .omp_outlined.debug_.69 MagickCore/resize.c:2604:28
This is about the heap-buffer-overflow in .omp_outlined.debug_.69 MagickCore/resize.c:2604
This is about double-free bug in RelinquishAlignedMemory of MagickCore/memory.c:1037:3
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-10
Environment (Operating system, version and so on):
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Additional information: CC=clang-7 CXX=clang++-7