memory leak in ReadICONImage #457

Closed
bestshow opened this issue Apr 28, 2017 · 1 comment

@bestshow
commented Apr 28, 2017

On ImageMagick 7.0.5-5

The ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.

#convert $FILE out.bmp

Direct leak of 4194312 byte(s) in 1 object(s) allocated from:
#0 0x7f76bc60fb58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x586f65 in ReadICONImage coders/icon.c:452
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x7f48f5 in ReadImages MagickCore/constitute.c:866
#6 0xadc3e5 in ConvertImageCommand MagickWand/convert.c:639
#7 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#8 0x40f839 in MagickMain utilities/magick.c:149
#9 0x40fa06 in main utilities/magick.c:180
#10 0x7f76b791eb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

4194312 byte(s) leaked in 1 allocation(s).

testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadICONImage-18.ico
Credit: ADLab of Venustech
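
For triaging a LeakSanitizer trace like the one in the report above, the following added example (not part of the original report and not ImageMagick code) parses the report text, skips the allocator wrapper frames, and names the first real caller as the leak site. The wrapper-name pattern and the helper names `parse_leaks` and `dedup_key` are assumptions; the embedded frames are copied from the trace.

```python
import re

# First frames of the trace in the report above, embedded so this runs offline.
REPORT = """\
Direct leak of 4194312 byte(s) in 1 object(s) allocated from:
    #0 0x7f76bc60fb58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
    #2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
    #3 0x586f65 in ReadICONImage coders/icon.c:452
    #4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
"""

# Assumption: frames matching this pattern are allocator plumbing, not the leak site.
WRAPPERS = re.compile(r"^(__interceptor_|Acquire\w*Memory$)")
HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")

def parse_leaks(text):
    """Return one dict per leak record: kind, bytes, objects, frames, site."""
    leaks, cur = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            cur = {"kind": h.group(1), "bytes": int(h.group(2)),
                   "objects": int(h.group(3)), "frames": [], "site": None}
            leaks.append(cur)
            continue
        f = FRAME.match(line)
        if f and cur is not None:
            func, loc = f.group(2), f.group(3)
            cur["frames"].append((func, loc))
            # The first frame that is not allocator plumbing owns the allocation.
            if cur["site"] is None and not WRAPPERS.match(func):
                cur["site"] = (func, loc)
        elif not line.strip():
            cur = None  # a blank line ends the current stack
    return leaks

def dedup_key(leak):
    """Bucket key for grouping reports: site function and file, no line number."""
    func, loc = leak["site"] or ("unknown", "unknown")
    return f"{func}@{loc.rsplit(':', 1)[0]}"

if __name__ == "__main__":
    for leak in parse_leaks(REPORT):
        print(leak["kind"], leak["bytes"], leak["site"], dedup_key(leak))
```

Dropping the line number from the key keeps reports of the same leak grouped together when the source file shifts between releases.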

@dlemstra dlemstra added the bug label May 2, 2017

dlemstra added a commit that referenced this issue May 3, 2017

dlemstra added a commit that referenced this issue May 3, 2017

@dlemstra dlemstra closed this May 7, 2017

@nohmask

commented Sep 8, 2017

This was assigned CVE-2017-9405.
