memory leak in ReadEPTImage #453

Closed
@bestshow

on ImageMagick 7.0.5-5

The ReadEPTImage function in ept.c:204 allows attackers to cause a denial of service (memory leak) via a crafted file.

#identify $FILE

Direct leak of 5740 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752cc1 in ReadEPTImage coders/ept.c:204
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x9e41a7 in ReadStream MagickCore/stream.c:1045
#6 0x7f1855 in PingImage MagickCore/constitute.c:226
#7 0x7f1e08 in PingImages MagickCore/constitute.c:327
#8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
#9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#10 0x40f839 in MagickMain utilities/magick.c:149
#11 0x40fa06 in main utilities/magick.c:180
#12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

Direct leak of 362 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752d80 in ReadEPTImage coders/ept.c:210
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x9e41a7 in ReadStream MagickCore/stream.c:1045
#6 0x7f1855 in PingImage MagickCore/constitute.c:226
#7 0x7f1e08 in PingImages MagickCore/constitute.c:327
#8 0xbb97b4 in IdentifyImageCommand MagickWand/identify.c:319
#9 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#10 0x40f839 in MagickMain utilities/magick.c:149
#11 0x40fa06 in main utilities/magick.c:180
#12 0x7fc893453b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

6102 byte(s) leaked in 2 allocation(s).

testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadEPTImage-14.ept
Author: ADLab of Venustech
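
A triage helper for LeakSanitizer output like the report above, as an added example that is not part of the original issue or of ImageMagick: it attributes each leak to the first frame that is not an allocator wrapper and checks the per-block sizes against the summary line. The function names `parse_leaks` and `consistent` and the wrapper list are assumptions of this sketch; the sample input is frames #0 to #3 of each block, trimmed from the trace above.

```python
import re

# Allocator wrappers to skip when attributing a leak: the two MagickCore names
# are taken from the trace in the report, the interceptor prefix is ASan's own.
WRAPPERS = re.compile(r"^(__interceptor_\w+|AcquireMagickMemory|AcquireQuantumMemory)$")
LEAK = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")
TOTAL = re.compile(r"^(?:SUMMARY: \w+: )?(\d+) byte\(s\) leaked in (\d+) allocation\(s\)")

def parse_leaks(report):
    """Return (leaks, total); each leak's site is its first non-wrapper frame."""
    leaks, total, cur = [], None, None
    for line in report.splitlines():
        line = line.strip()
        if m := LEAK.match(line):
            cur = {"kind": m[1], "bytes": int(m[2]), "objects": int(m[3]), "site": None}
            leaks.append(cur)
        elif (m := FRAME.match(line)) and cur is not None and cur["site"] is None:
            if not WRAPPERS.match(m[2]):
                cur["site"] = (m[2], m[3])  # (function, file:line)
        elif m := TOTAL.match(line):
            total = (int(m[1]), int(m[2]))
    return leaks, total

def consistent(leaks, total):
    """True when the per-block sizes and counts add up to the summary line."""
    return total == (sum(l["bytes"] for l in leaks), sum(l["objects"] for l in leaks))

# Sample input: trimmed from the report above (frames #4 and later dropped).
SAMPLE = """\
Direct leak of 5740 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752cc1 in ReadEPTImage coders/ept.c:204

Direct leak of 362 byte(s) in 1 object(s) allocated from:
#0 0x7fc898144b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x752d80 in ReadEPTImage coders/ept.c:210

6102 byte(s) leaked in 2 allocation(s).
"""

if __name__ == "__main__":
    found, summary = parse_leaks(SAMPLE)
    for leak in found:
        print(leak["kind"], leak["bytes"], "bytes at", *leak["site"])
    print("summary consistent:", consistent(found, summary))
```

Grouping reports by the returned site lets a fuzzing pipeline deduplicate findings that share the same allocation point even when the upper frames differ.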
