Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

heap-buffer-overflow at MagickCore/threshold.c:328:11 in AdaptiveThresholdImage #1609

Closed
3 tasks done
SuhwanSong opened this issue Jun 21, 2019 · 2 comments
Closed
3 tasks done

heap-buffer-overflow at MagickCore/threshold.c:328:11 in AdaptiveThresholdImage #1609

SuhwanSong opened this issue Jun 21, 2019 · 2 comments
Labels
bug
Milestone
7.0.8-50

Comments

@SuhwanSong
Copy link

Prerequisites

  • I have written a descriptive issue title
  • I have verified that I am using the latest version of ImageMagick
  • I have searched open and closed issues to ensure it has not already been reported

Description

There's a heap-buffer-overflow at MagickCore/threshold.c:328:11 in AdaptiveThresholdImage.

Steps to Reproduce

run_cmd:
magick -seed 0 -dispose Background "(" magick:netscape -lat 514x0-41 ")" "(" magick:granite -charcoal 3 -level 0%,125,0.328 ")" -combine -print "" tmp

Here's ASAN log.

==22189==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x620000001090 at pc 0x7fd7e5dd4be2 bp 0x7ffd816c3a30 sp 0x7ffd816c3a28
READ of size 4 at 0x620000001090 thread T0
    #0 0x7fd7e5dd4be1 in AdaptiveThresholdImage MagickCore/threshold.c:328:11
    #1 0x7fd7e5386cb6 in CLISimpleOperatorImage MagickWand/operation.c:2571:21
    #2 0x7fd7e537bc78 in CLISimpleOperatorImages MagickWand/operation.c:3685:12
    #3 0x7fd7e53a1315 in CLIOption MagickWand/operation.c:5273:16
    #4 0x7fd7e51e2a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #5 0x7fd7e51e3d0a in MagickImageCommand MagickWand/magick-cli.c:796:5
    #6 0x7fd7e522dba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #7 0x526f95 in MagickMain utilities/magick.c:149:10
    #8 0x5268e1 in main utilities/magick.c:180:10
    #9 0x7fd7dfca4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #10 0x41b069 in _start (install/bin/magick+0x41b069)

Address 0x620000001090 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow MagickCore/threshold.c:328:11 in AdaptiveThresholdImage

System Configuration

  • ImageMagick version:
    Version: ImageMagick 7.0.8-50 Q16 x86_64 2019-06-21 https://imagemagick.org

  • Environment (Operating system, version and so on):
    Description: Ubuntu 18.04.1 LTS
    Release: 18.04
    Codename: bionic

  • Additional information:
    CC=clang-7 CXX=clang++-7 ./configure --disable-openmp
urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue Jun 21, 2019
https://github.com/ImageMagick/ImageMagick/issues/1609
35c7032
urban-warrior pushed a commit that referenced this issue Jun 21, 2019
https://github.com/ImageMagick/ImageMagick/issues/1609
604588f
@urban-warrior
Copy link
Member

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@dlemstra dlemstra added the bug label Jun 22, 2019
@dlemstra dlemstra added this to the 7.0.8-50 milestone Jun 22, 2019
@nohmask
Copy link

nohmask commented Jul 8, 2019

This was assigned CVE-2019-13297.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
7.0.8-50
Development

No branches or pull requests
4 participants
@dlemstra @nohmask @urban-warrior @SuhwanSong