Skip to content

Use of uninitialized value in function ReadCUTImage #1599

Closed
@YangY-Xiao

Description

@YangY-Xiao

Prerequisites

  • [ y ] I have written a descriptive issue title
  • [ y ] I have verified that I am using the latest version of ImageMagick
  • [ y ] I have searched open and closed issues to ensure it has not already been reported

Description

  /* ----- Load RLE compressed raster ----- */
  BImgBuff=(unsigned char *) AcquireQuantumMemory((size_t) ldblk,
    sizeof(*BImgBuff));  /*Ldblk was set in the check phase*/
  if(BImgBuff==NULL) goto NoMemory;

  offset=SeekBlob(image,6 /*sizeof(Header)*/,SEEK_SET);

(https://github.com/ImageMagick/ImageMagick/blob/master/coders/cut.c#L552)

We should initialize the BImgBuff, otherwise an use-of-uninitialized vulnerability occurs, which is similar to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6780 (fixed in a85ab26 and 81bfff2 ) and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5710 (fixed in ce433f8 and 81bfff2).

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions