New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
heap-buffer-overflow at MagickCore/string.c:853 in DestroyStringInfo #1641
Comments
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
urban-warrior
pushed a commit
that referenced
this issue
Jul 18, 2019
urban-warrior
pushed a commit
to ImageMagick/ImageMagick6
that referenced
this issue
Jul 18, 2019
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jul 20, 2019
2019-07-18 7.0.8-55 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.8-55, GIT revision 15930:ac09240:20190718.
2019-07-18 7.0.8-55 Cristy <quetzlzacatenango@image...>
* Heap-buffer overflow (reference
ImageMagick/ImageMagick#1641
* PerlMagick test suite passes again (reference
ImageMagick/ImageMagick#1640)
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Aug 9, 2019
Fixes ImageMagick/ImageMagick#1641 (no CVE id yet) ImageMagick/ImageMagick#1644 (no CVE id yet) Removed patch included in version 7.0.8-54. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this issue
Sep 2, 2019
Fixes ImageMagick/ImageMagick#1641 (no CVE id yet) ImageMagick/ImageMagick#1644 (no CVE id yet) Removed patch included in version 7.0.8-54. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit e9811b5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woodsts
pushed a commit
to woodsts/buildroot
that referenced
this issue
Sep 2, 2019
Fixes ImageMagick/ImageMagick#1641 (no CVE id yet) ImageMagick/ImageMagick#1644 (no CVE id yet) Removed patch included in version 7.0.8-54. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit e9811b5) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prerequisites
Description
There's a heap-buffer-overflow at MagickCore/string.c:853 in DestroyStringInfo.
Steps to Reproduce
poc
run command:
./magick convert poc /dev/null
System Configuration
ImageMagick version:
Version: ImageMagick 7.0.8-54 Q16 x86_64 2019-07-18 https://imagemagick.org
Copyright: © 1999-2019 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP(4.0)
Delegates (built-in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma openexr pangocairo png tiff webp wmf x xml zlib
Environment (Operating system, version and so on):
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
Additional information:
The text was updated successfully, but these errors were encountered: