Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Memory leak in ReadBMPImage in coder/bmp.c and ReadVIFFImage in coder/viff.c. #1600

Closed
Young-X opened this issue Jun 18, 2019 · 2 comments
Closed
Labels
Milestone

Comments

@Young-X
Copy link

Young-X commented Jun 18, 2019

Prerequisites

  • [ Y ] I have written a descriptive issue title
  • [ Y ] I have verified that I am using the latest version of ImageMagick
  • [ Y ] I have searched open and closed issues to ensure it has not already been reported

Description

There are two memory leak issues in ReadBMPImage in coder/bmp.c and ReadVIFFImage in coder/viff.c.

There is a patch 3b48d20, which fixed multiple memory leak vulnerabilities.

However, the patch for ReadBMPImage is wrong.

        if (GetNextImageInList(image) == (Image *) NULL)
          {
-            image=DestroyImageList(image);
+            status=MagickFalse;
            return((Image *) NULL);
          }

Below is the correct logic.

        if (GetNextImageInList(image) == (Image *) NULL)
          {
-            image=DestroyImageList(image);
-            return((Image *) NULL);
+            status=MagickFalse;
+            break;
          }

https://github.com/ImageMagick/ImageMagick/blob/master/coders/bmp.c#L1508

At the same time, there is the same issue in ReadVIFFImage.

        if (GetNextImageInList(image) == (Image *) NULL)
          {
            image=DestroyImageList(image);
            return((Image *) NULL);
           }

https://github.com/ImageMagick/ImageMagick/blob/master/coders/viff.c#L774

Steps to Reproduce

System Configuration

  • ImageMagick version:
  • Environment (Operating system, version and so on):
  • Additional information:
@urban-warrior
Copy link
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jun 18, 2019
@dlemstra dlemstra added this to the 7.0.8-50 milestone Jun 18, 2019
@nohmask
Copy link

nohmask commented Jul 3, 2019

This was assigned CVE-2019-13133 and CVE-2019-13134.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

4 participants