on ImageMagick 7.0.5-5
The ReadPDBImage function in pdb.c:418 allows attackers to cause a denial of service (memory leak) via a crafted file.
#convert $FILE out.bmp
Direct leak of 1939 byte(s) in 1 object(s) allocated from:
#0 0x7f78d57fcb58 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x61f3a3 in ReadPDBImage coders/pdb.c:418
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x7f48f5 in ReadImages MagickCore/constitute.c:866
#6 0xadc3e5 in ConvertImageCommand MagickWand/convert.c:639
#7 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#8 0x40f839 in MagickMain utilities/magick.c:149
#9 0x40fa06 in main utilities/magick.c:180
#10 0x7f78d0b0bb34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
1939 byte(s) leaked in 1 allocation(s).
testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadPDBImage-21.pdb
Credit: ADLab of Venustech