CPU exhaustion in ReadDPXImage #509

Closed
jgj212 opened this issue Jun 8, 2017 · 2 comments

@jgj212
Contributor

commented Jun 8, 2017

Version: ImageMagick 7.0.6-0 Q16 x86_64

$ magick identify $FILE

dpx.file.image_offset=ReadBlobLong(image);  //dpx.c  line 723
  for ( ; offset < (MagickOffsetType) dpx.file.image_offset; offset++)  //dpx.c  line 1119
    (void) ReadBlobByte(image); 

Because dpx.file.image_offset is an unsigned int, it can be controlled to be as large as 4294967295.
This will cause ImageMagick to spend a lot of time processing a crafted DPX image file, even if the image file is very small.

Credit: ADLab of Venustech

@dlemstra dlemstra added the bug label Jun 8, 2017
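
The loop shape quoted in the report, next to a guarded variant, as an added example; it is not ImageMagick's code or the project's patch. `Blob`, `read_byte`, `make_sample`, `skip_unchecked` and `skip_checked` are hypothetical names, the 16-byte file is constructed, and the demo uses 0x01000000 rather than 4294967295 so that it finishes quickly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory stand-in for a blob reader (not ImageMagick's API). */
typedef struct { const uint8_t *data; size_t len, pos; } Blob;

static int read_byte(Blob *b) { return b->pos < b->len ? b->data[b->pos++] : EOF; }

static uint32_t read_u32_be(Blob *b) {
  uint32_t v = 0;
  for (int i = 0; i < 4; i++) v = (v << 8) | (uint32_t) (read_byte(b) & 0xff);
  return v;
}

/* Constructed 16-byte sample: "SDPX" magic, big-endian image_offset, zero padding. */
static void make_sample(uint8_t buf[16], uint32_t image_offset) {
  memset(buf, 0, 16);
  memcpy(buf, "SDPX", 4);
  for (int i = 0; i < 4; i++) buf[4 + i] = (uint8_t) (image_offset >> (24 - 8 * i));
}

/* Loop shape from the report: the bound is the untrusted header field. Returns read calls made. */
static uint64_t skip_unchecked(uint32_t claimed) {
  uint8_t buf[16]; make_sample(buf, claimed);
  Blob b = { buf, sizeof buf, 0 };
  (void) read_u32_be(&b);                    /* magic */
  uint32_t image_offset = read_u32_be(&b);   /* attacker-controlled */
  uint64_t offset = b.pos, calls = 0;
  for (; offset < image_offset; offset++) { (void) read_byte(&b); calls++; }
  return calls;
}

/* Guarded variant: reject an offset past the data and stop on EOF. Returns bytes skipped or -1. */
static long skip_checked(uint32_t claimed) {
  uint8_t buf[16]; make_sample(buf, claimed);
  Blob b = { buf, sizeof buf, 0 };
  (void) read_u32_be(&b);                    /* magic */
  uint32_t image_offset = read_u32_be(&b);
  if (image_offset > b.len) return -1;       /* cannot point inside this file */
  long skipped = 0;
  for (uint64_t offset = b.pos; offset < image_offset; offset++, skipped++)
    if (read_byte(&b) == EOF) return -1;     /* defence in depth for streamed input */
  return skipped;
}

int main(void) {
  printf("unchecked: %llu reads; checked: %ld and %ld\n", (unsigned long long)
         skip_unchecked(0x01000000u), skip_checked(0x01000000u), skip_checked(12));
  return 0;
}
```

The unchecked loop performs one read call per claimed byte regardless of file size, so the work scales with the header field, not with the 16 bytes actually present.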

@mikayla-grace


commented Jun 8, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jun 8, 2017

Cristy

dlemstra pushed a commit that referenced this issue Jun 8, 2017

dlemstra pushed a commit that referenced this issue Jun 8, 2017

Cristy

@dlemstra dlemstra closed this Jun 8, 2017

@bastien-roucaries


commented Jul 13, 2017

This is CVE-2017-11188
