Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible integer overflow in TIFFSeekCustomStream in coder/tiff.c #1602

Closed
Young-X opened this issue Jun 18, 2019 · 2 comments
Closed

Possible integer overflow in TIFFSeekCustomStream in coder/tiff.c #1602

Young-X opened this issue Jun 18, 2019 · 2 comments
Labels
Milestone

Comments

@Young-X
Copy link

Young-X commented Jun 18, 2019

Prerequisites

  • [ y ] I have written a descriptive issue title
  • [ y ] I have verified that I am using the latest version of ImageMagick
  • [ y ] I have searched open and closed issues to ensure it has not already been reported

Description

There is a possible integer overflow vulnerability in TIFFSeekCustomStream in coder/tiff.c

case SEEK_CUR:
    {
      if ((profile->offset+offset) < 0)
        return(-1);
      profile->offset+=offset;
      break;
} 

https://github.com/ImageMagick/ImageMagick/blob/master/coders/tiff.c#L259

This issue is similar to the one which was fixed in 8b28a87 and 114be17.

@urban-warrior
Copy link
Contributor

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jun 18, 2019
@dlemstra dlemstra added this to the 7.0.8-50 milestone Jun 18, 2019
@nohmask
Copy link

nohmask commented Jul 3, 2019

This was assigned CVE-2019-13136.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

4 participants