Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leak in ReadPDBImage #460

bestshow opened this issue Apr 28, 2017 · 1 comment


None yet
3 participants
Copy link

commented Apr 28, 2017

on ImageMagick 7.0.5-5

The ReadPDBImage function in pdb.c:418 allows attackers to cause a denial of service (memory leak) via a crafted file.

#convert $FILE out.bmp

Direct leak of 1939 byte(s) in 1 object(s) allocated from:
#0 0x7f78d57fcb58 in __interceptor_malloc ../../../../libsanitizer/asan/
#1 0x43ecdb in AcquireMagickMemory MagickCore/memory.c:463
#2 0x43ed2f in AcquireQuantumMemory MagickCore/memory.c:536
#3 0x61f3a3 in ReadPDBImage coders/pdb.c:418
#4 0x7f27a7 in ReadImage MagickCore/constitute.c:497
#5 0x7f48f5 in ReadImages MagickCore/constitute.c:866
#6 0xadc3e5 in ConvertImageCommand MagickWand/convert.c:639
#7 0xc10308 in MagickCommandGenesis MagickWand/mogrify.c:183
#8 0x40f839 in MagickMain utilities/magick.c:149
#9 0x40fa06 in main utilities/magick.c:180
#10 0x7f78d0b0bb34 in __libc_start_main (/lib64/

1939 byte(s) leaked in 1 allocation(s).
Credit: ADLab of Venustech

@dlemstra dlemstra added the bug label May 2, 2017

dlemstra added a commit that referenced this issue May 3, 2017

dlemstra added a commit that referenced this issue May 3, 2017

@dlemstra dlemstra closed this May 7, 2017


This comment has been minimized.

Copy link

commented Sep 8, 2017

This was assigned CVE-2017-9439.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.