memory leak in ReadEPTImage #453

Closed
bestshow opened this Issue Apr 26, 2017 · 2 comments

bestshow commented Apr 26, 2017

On ImageMagick 7.0.5-5

The ReadEPTImage function in ept.c:204 allows attackers to cause a denial of service (memory leak) via a crafted file.

#identify $FILE

Direct leak of 5740 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752cc1 in ReadEPTImage coders/ept.c:204
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x9e41a7 in ReadStream MagickCore/stream.c:1045
#6 0x7f1855 in PingImage MagickCore/constitute.c:226
#7 0x7f1e08 in PingImages MagickCore/constitute.c:327
#8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
#9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#10 0x40f839 in MagickMain utilities/magick.c:149
#11 0x40fa06 in main utilities/magick.c:180
#12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Direct leak of 362 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752d80 in ReadEPTImage coders/ept.c:210
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x9e41a7 in ReadStream MagickCore/stream.c:1045
#6 0x7f1855 in PingImage MagickCore/constitute.c:226
#7 0x7f1e08 in PingImages MagickCore/constitute.c:327
#8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
#9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#10 0x40f839 in MagickMain utilities/magick.c:149
#11 0x40fa06 in main utilities/magick.c:180
#12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

6102 byte(s) leaked in 2 allocation(s).

testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadEPTImage-14.ept
Author: ADLab of Venustech
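
A triage helper for the LeakSanitizer report above, as an added example that is not part of the original issue or of ImageMagick: it attributes each leak to the first frame outside the allocator wrappers and checks the per-leak sizes against the summary line. The wrapper list and the names `parse_leaks` and `check_totals` are assumptions of this example; the sample input is abridged from the trace above.

```python
import re
from collections import namedtuple

# Sample input: abridged copy of the report above (frames below #4 dropped).
REPORT = """\
Direct leak of 5740 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752cc1 in ReadEPTImage coders/ept.c:204
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497

Direct leak of 362 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752d80 in ReadEPTImage coders/ept.c:210
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497

6102 byte(s) leaked in 2 allocation(s).
"""

Leak = namedtuple("Leak", "kind size objects function location")

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY = re.compile(r"^(\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
# Allocator wrappers to skip when attributing a leak (assumption: picked for this trace).
WRAPPERS = ("__interceptor_", "AcquireMagickMemory", "AcquireQuantumMemory")

def parse_leaks(text):
    """Return (leaks, total): one Leak per report entry and the (bytes, allocations) summary."""
    leaks, current, total = [], None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = (m.group(1), int(m.group(2)), int(m.group(3)))
        elif current and (m := FRAME.match(line)):
            # The first frame that is not an allocator wrapper owns the allocation.
            if not m.group(1).startswith(WRAPPERS):
                leaks.append(Leak(*current, m.group(1), m.group(2)))
                current = None
        elif m := SUMMARY.match(line):
            total = (int(m.group(1)), int(m.group(2)))
    return leaks, total

def check_totals(leaks, total):
    """True when the parsed entries add up to the report's summary line."""
    return total == (sum(l.size for l in leaks), sum(l.objects for l in leaks))
```

Grouping the parsed entries by `function` and `location` across many fuzzing runs deduplicates reports that hit the same allocation sites.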

mikayla-grace commented Apr 26, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Apr 26, 2017

dlemstra pushed a commit that referenced this issue Apr 26, 2017

@dlemstra dlemstra added the bug label Apr 27, 2017

carnil commented May 1, 2017

This is CVE-2017-8357

@dlemstra dlemstra closed this May 7, 2017
