-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Division by Zero at MagickCore/layer.c:1616 #1629
Comments
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
This was assigned CVE-2019-13454. |
This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
graphics/ImageMagick: security fix Revisions pulled up: - graphics/ImageMagick/Makefile.common 1.191 - graphics/ImageMagick/distinfo 1.208 --- Module Name: pkgsrc Committed By: nia Date: Fri Jul 19 09:12:13 UTC 2019 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common distinfo Log Message: ImageMagick: Update to 7.0.8-54 This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
hello, nohmask. I have requested two CVE IDs about the ImageMagick vulnerabilities(#1552 and ImageMagick/ImageMagick6#43) on https://cveform.mitre.org/. But I don't receive any reply yet. Do you know what happen? Thanks |
I’m sorry I don’t know. |
graphics/ImageMagick: security fix Revisions pulled up: - graphics/ImageMagick/Makefile.common 1.191 - graphics/ImageMagick/distinfo 1.208 --- Module Name: pkgsrc Committed By: nia Date: Fri Jul 19 09:12:13 UTC 2019 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common distinfo Log Message: ImageMagick: Update to 7.0.8-54 This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
graphics/ImageMagick: security fix Revisions pulled up: - graphics/ImageMagick/Makefile.common 1.191 - graphics/ImageMagick/distinfo 1.208 --- Module Name: pkgsrc Committed By: nia Date: Fri Jul 19 09:12:13 UTC 2019 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common distinfo Log Message: ImageMagick: Update to 7.0.8-54 This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
graphics/ImageMagick: security fix Revisions pulled up: - graphics/ImageMagick/Makefile.common 1.191 - graphics/ImageMagick/distinfo 1.208 --- Module Name: pkgsrc Committed By: nia Date: Fri Jul 19 09:12:13 UTC 2019 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common distinfo Log Message: ImageMagick: Update to 7.0.8-54 This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
graphics/ImageMagick: security fix Revisions pulled up: - graphics/ImageMagick/Makefile.common 1.191 - graphics/ImageMagick/distinfo 1.208 --- Module Name: pkgsrc Committed By: nia Date: Fri Jul 19 09:12:13 UTC 2019 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common distinfo Log Message: ImageMagick: Update to 7.0.8-54 This update contains a number of security fixes. 2019-07-16 7.0.8-54 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-54, GIT revision 15916:e868e22:20190716. 2019-07-08 7.0.8-54 Cristy <quetzlzacatenango@image...> * resolve division by zero (reference ImageMagick/ImageMagick#1629). * introducing MagickLevelImageColors() MagickWand method. * Transient problem with text placement with gravity (reference ImageMagick/ImageMagick#1633). * Support TIM2 image format (reference ImageMagick/ImageMagick#1571). * For -magnify option, specify an alternative scaling method with -define magnify:method=method, choose from these methods: eagle2X, eagle3X, eagle3XB, epb2X, fish2X, hq2X, scale2X (default), scale3X, xbr2X. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-53, GIT revision 15828:f5d59c0:20190705. 2019-07-05 7.0.8-53 Cristy <quetzlzacatenango@image...> * Fix -fx parsing issue (reference https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36314). 2019-07-05 7.0.8-52 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-52, GIT revision 15825:ea47310:20190705. 2019-07-01 7.0.8-52 Cristy <quetzlzacatenango@image...> * Eliminate buffer overflow in TranslateEvent() (reference ImageMagick/ImageMagick#1621). 2019-06-30 7.0.8-51 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-51, GIT revision 15812:51f11c4:20190630. 2019-06-24 7.0.8-51 Cristy <quetzlzacatenango@image...> * Clone rather than copy X window name/icon. * Optimize PDF reader. 2019-06-23 7.0.8-50 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.8-50, GIT revision 15778:4a60519:20190623 2019-06-14 7.0.8-50 Dirk Lemstra <dirk@lem.....org> * Added support for reading all images from a HEIC image (reference ImageMagick/ImageMagick#1391). * Heap-buffer-overflow in MagickCore/fourier.c (reference ImageMagick/ImageMagick#1588). * Fixed a number of issues (reference https://imagemagick.org/discourse-server/viewforum.php?f=3). * Fixed a number of issues (reference https://github.com/ImageMagick/ImageMagick/issues).
Prerequisites
Description
There's a division by zero at MagickCore/layer.c:1616:30
Steps to Reproduce
run following cmd:
magick "-seed" "0" "-delay" "34<" "(" "magick:rose" "+repage" ")" "(" "magick:rose" "+repage" ")" "-encoding" "Symbol" "-layers" "remove-dups" "-quiet" "tmp"
This is triggered at
time = curr->delay*1000/curr->ticks_per_second;
due to curr->ticks_per_second.Here's USAN log.
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-54 Q16 x86_64 2019-07-07 https://imagemagick.org
Environment (Operating system, version and so on):
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Additional information:
CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined -g" CXXFLAGS="-fsanitize=address,undefined -g" ./configure --disable-openmp --without-png
The text was updated successfully, but these errors were encountered: