CPU exhaustion in ReadDPXImage #509

Closed
jgj212 opened this issue Jun 8, 2017 · 2 comments

@jgj212

jgj212 commented Jun 8, 2017

Version: ImageMagick 7.0.6-0 Q16 x86_64

$magick identify $FILE

dpx.file.image_offset=ReadBlobLong(image);  //dpx.c  line 723
for ( ; offset < (MagickOffsetType) dpx.file.image_offset; offset++)  //dpx.c  line 1119
  (void) ReadBlobByte(image);

Because dpx.file.image_offset is an unsigned int, it can be controlled to be as large as 4294967295.
This will cause ImageMagick to spend a lot of time processing a crafted DPX image file, even if the image file is very small.

Credit: ADLab of Venustech
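The pattern reported above, shown next to a bounds-checked alternative. This is an example added here, not code from ImageMagick or from its patch. The `Blob` type, the function names and the 16-byte sample header are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory blob standing in for the image file being read. */
typedef struct { const unsigned char *data; size_t length, pos; } Blob;

/* Constructed sample: 4-byte magic, then a 32-bit offset field set to its maximum. */
static const unsigned char SAMPLE[16] = { 'S','D','P','X', 0xFF,0xFF,0xFF,0xFF };

/* Returns the next byte, or -1 once the data is exhausted. */
static int blob_read_byte(Blob *b) {
    return b->pos < b->length ? b->data[b->pos++] : -1;
}

/* Big-endian 32-bit read; returns 0 when fewer than 4 bytes remain. */
static uint32_t blob_read_u32(Blob *b) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        int c = blob_read_byte(b);
        if (c < 0) return 0;
        v = (v << 8) | (uint32_t)c;
    }
    return v;
}

/* Reported pattern: the loop bound comes straight from the header, so a tiny
   file can request ~4 billion reads. `cap` only keeps this demo short. */
static uint64_t skip_unchecked(Blob *b, uint32_t image_offset, uint64_t cap) {
    uint64_t iterations = 0;
    for (uint64_t off = b->pos; off < image_offset && iterations < cap; off++) {
        (void) blob_read_byte(b);   /* keeps "reading" even past end of data */
        iterations++;
    }
    return iterations;
}

/* Checked form: reject offsets that point before the current position or
   past the end of the data, then seek in O(1). Returns 0 on success, -1 otherwise. */
static int skip_checked(Blob *b, uint32_t image_offset) {
    if (image_offset < b->pos || image_offset > b->length) return -1;
    b->pos = image_offset;
    return 0;
}

int main(void) {
    Blob b = { SAMPLE, sizeof SAMPLE, 4 };          /* start just past the magic */
    uint32_t off = blob_read_u32(&b);
    int rc = skip_checked(&b, off);
    printf("offset=%u checked=%d unchecked_iterations=%llu\n", (unsigned) off, rc,
           (unsigned long long) skip_unchecked(&b, off, 1000000));
    return 0;
}
```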

@dlemstra dlemstra added the bug label Jun 8, 2017
@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@bastien-roucaries

This is CVE-2017-11188
