assertion failed in ResetImageProfileIterator #500

Closed
bestshow opened this issue May 23, 2017 · 7 comments

@bestshow

commented May 23, 2017

on Version: ImageMagick 7.0.5-8 Q16

A crafted file revealed an assertion failure in profile.c.

#./magick convert $FILE out.png
magick: MagickCore/profile.c:1303: ResetImageProfileIterator: Assertion `image != (Image *) ((void *)0)' failed.
Aborted

testcase : https://github.com/bestshow/p0cs/blob/master/assertion-failed-in-ResetImageProfileIterator-profile1303_7.0.5-8_Q16
Credit : ADLab of Venustech
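For triaging crashes like the one reported above, the following is an added example (not part of the original report and not ImageMagick code). It parses the glibc assertion line from a converter's stderr and buckets the crash independently of the source line number. The function names `parse_assertion` and `triage` are hypothetical, and the second sample is constructed from the output quoted in the report.

```python
import re
import signal

# glibc assert() format: "prog: file:line: function: Assertion `expr' failed."
ASSERT_RE = re.compile(
    r"^(?P<prog>[^:\s]+): (?P<file>[^:\s]+):(?P<line>\d+): "
    r"(?P<func>.+?): Assertion [`'](?P<expr>.*)' failed\.$"
)

# Output quoted in the report above.
SAMPLE_STDERR = (
    "magick: MagickCore/profile.c:1303: ResetImageProfileIterator: "
    "Assertion `image != (Image *) ((void *)0)' failed.\nAborted\n"
)
# Constructed variant: same assertion after the source file shifted a few lines.
SHIFTED_STDERR = SAMPLE_STDERR.replace(":1303:", ":1310:")


def parse_assertion(stderr_text):
    """Return the first assertion failure found in stderr as a dict, or None."""
    for raw in stderr_text.splitlines():
        m = ASSERT_RE.match(raw.strip())
        if m:
            hit = m.groupdict()
            hit["line"] = int(hit["line"])
            return hit
    return None


def triage(returncode, stderr_text):
    """Classify a finished child process (subprocess.returncode semantics)."""
    hit = parse_assertion(stderr_text)
    # A negative returncode means "killed by signal"; a shell reports 128+N.
    aborted = returncode in (-signal.SIGABRT, 128 + signal.SIGABRT)
    if hit and aborted:
        # Bucket on file/function/expression rather than the line number, so
        # the same assert groups together across builds of the same code.
        bucket = "%s:%s:%s" % (hit["file"], hit["func"], hit["expr"])
        return {"verdict": "assertion-abort", "bucket": bucket, "detail": hit}
    if returncode != 0:
        return {"verdict": "error", "bucket": None, "detail": hit}
    return {"verdict": "ok", "bucket": None, "detail": None}


if __name__ == "__main__":
    print(triage(-signal.SIGABRT, SAMPLE_STDERR))
```

Feed it the `returncode` and captured stderr of a converter run in a child process, so an abort on a malformed file is recorded as a rejected input instead of terminating the calling service.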

@mikayla-grace

commented May 23, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue May 23, 2017

Cristy

@dlemstra dlemstra added the bug label May 24, 2017

@dlemstra dlemstra closed this May 24, 2017

jsonn pushed a commit to jsonn/pkgsrc that referenced this issue May 29, 2017

wiz
Updated ImageMagick to 7.0.5.9.
2017-05-28  7.0.5-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.5-9, GIT revision 20113:8b67333:20170528.

2017-05-28  7.0.5-9 Cristy  <quetzlzacatenango@image...>
  * Transient error validating the JPEG-2000 image format (reference
    ImageMagick/ImageMagick#501).
  * Properly allocate DCM image colormap (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32063).

2017-05-26  7.0.5-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.5-8, GIT revision 20099:870a016:20170526.

2017-05-23  7.0.5-8 Cristy  <quetzlzacatenango@image...>
  * Improper allocation of memory for IM instances without threads (reference
    ImageMagick/ImageMagick#497).
  * Delete corrupt image from list (reference
    ImageMagick/ImageMagick#500).

2017-05-19  7.0.5-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.5-7, GIT revision 20078:7ce2d38:20170519.

2017-05-15  7.0.5-7 Cristy  <quetzlzacatenango@image...>
  * Support various image operators for the compare utility (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=31938).

@carnil

commented Jun 8, 2017

This was assigned CVE-2017-9500

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Jun 14, 2017

he
Upgrade to ImageMagick6 version 6.9.8-10.
Upstream changes:

2017-06-10  6.9.8-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-10, GIT revision 11637:eb6f363:20170610.

2017-06-10  6.9.8-10 Cristy  <quetzlzacatenango@image...>
  * Introduce SetMagickSecurityPolicy() (MagickCore) and
    MagickSetSecurityPolicy() (MagickWand) to set the ImageMagick security
    policy (reference ImageMagick/ImageMagick#407).

2017-06-02  6.9.8-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-9, GIT revision 11625:91bb35e:20170602.

2017-06-02  6.9.8-9 Cristy  <quetzlzacatenango@image...>
  * Fix choppy bitmap font rendering (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32071).
  * Add support for 'hex:' property.

2017-05-28  6.9.8-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-8, GIT revision 11606:8b67333:20170528.

2017-05-28  6.9.8-8 Cristy  <quetzlzacatenango@image...>
  * Transient error validating the JPEG-2000 image format (reference
    ImageMagick/ImageMagick#501).
  * Properly allocate DCM image colormap (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32063).

2017-05-26  6.9.8-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-7, GIT revision 11598:07d1dee:20170526.

2017-05-23  6.9.8-7 Cristy  <quetzlzacatenango@image...>
  * Improper allocation of memory for IM instances without threads (reference
          ImageMagick/ImageMagick#497).
  * Delete corrupt image from list (reference
    ImageMagick/ImageMagick#500).

2017-05-19  6.9.8-6 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-6, GIT revision 11590:7ce2d38:20170519.

2017-05-15  6.9.8-6 Cristy  <quetzlzacatenango@image...>
  * Support various image operators for the compare utility (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=31938).

jsonn pushed a commit to jsonn/pkgsrc that referenced this issue Jun 14, 2017

he
Upgrade to ImageMagick6 version 6.9.8-10.

@bastien-roucaries

commented Jul 8, 2017

Does it affect imagemagick 6?

@mikayla-grace

commented Jul 8, 2017

Yes. All patches as a result of an IMv7 bug are also applied to IMv6. Recall we intend to maintain IMv6 for a minimum of 10 years. However, any new enhancements are pushed to IMv7 only (e.g. the new -auto-threshold option).

@bastien-roucaries

commented Jul 9, 2017

@carnil

commented Jul 9, 2017

@dlemstra

Member

commented Jul 9, 2017

@bastien-roucaries and @carnil This is not an IM7-only bug. Here is the IM6 commit: 837085e
