New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
memory leak in ReadJNGImage #475
Comments
|
With the latest IM 7.0.5-6 compiled with afl-clang, we cannot reproduce the problem you posted. We get expected results: |
|
With the latest IM 7.0.5-6 Q16 compiled with afl-clang , and please set CFLAGS="-fsanitize=address" , it will reproduce the problem. |
dlemstra
added a commit
that referenced
this issue
May 7, 2017
dlemstra
added a commit
that referenced
this issue
May 7, 2017
|
This has been assigned CVE-2017-9262 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
on ImageMagick 7.0.5-6 Q16
The ReadJNGImage function in png.c:5241 allows attackers to cause a denial of service (memory leak) via a crafted file.
testcase: https://github.com/bestshow/p0cs/blob/master/memory-leak-in-ReadJNGImage-png5241.jng
Credit: ADLab of Venustech
The text was updated successfully, but these errors were encountered: