memory leak in ReadMPCImage #458

Closed
bestshow opened this issue Apr 28, 2017 · 1 comment

@bestshow commented Apr 28, 2017

On ImageMagick 7.0.5-5

The ReadMPCImage function in mpc.c:869 allows attackers to cause a denial of service (memory leak) via a crafted file.

```
#convert $FILE out.bmp

Direct leak of 771 byte(s) in 1 object(s) allocated from:
#0 0x7f02b7905b58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x5c72d9 in ReadMPCImage coders/mpc.c:869
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x7f48f5 in ReadImages MagickCore/constitute.c:866
#6 0xadc3e5 in ConvertImageCommand MagickWand/convert.c:639
#7 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#8 0x40f839 in MagickMain utilities/magick.c:149
#9 0x40fa06 in main utilities/magick.c:180
#10 0x7f02b2c14b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)

771 byte(s) leaked in 1 allocation(s).
```

Testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadMPCImage-19.mpc

Credit: ADLab of Venustech

dlemstra added the bug label May 2, 2017

dlemstra added a commit that referenced this issue May 3, 2017

dlemstra added a commit that referenced this issue May 3, 2017

dlemstra closed this May 7, 2017

@nohmask commented Sep 8, 2017

This was assigned CVE-2017-9409.
