memory leak in ReadDIBImage in dib.c #522

Closed
jgj212 opened this issue Jun 24, 2017 · 1 comment

@jgj212
Contributor

commented Jun 24, 2017

Version: ImageMagick 7.0.6-1 Q16 x86_64

The ReadDIBImage function in dib.c allows attackers to cause a denial of service (memory leak) via a small crafted dib file.

#identify $FILE

==16890==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x4deea6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7f431c55efd6 in AcquireMagickMemory memory.c:463:10
    #2 0x7f431c55f038 in AcquireQuantumMemory memory.c:536:10
    #3 0x7f431c8cafd8 in ReadDIBImage dib.c:615:38
    #4 0x7f431c339788 in ReadImage constitute.c:497:13
    #5 0x7f431c6d24b9 in ReadStream stream.c:1045:9
    #6 0x7f431c33832f in PingImage constitute.c:226:9
    #7 0x7f431c338ad3 in PingImages constitute.c:327:10
    #8 0x7f431ba7e006 in IdentifyImageCommand identify.c:319:18
    #9 0x7f431bb3bcdf in MagickCommandGenesis mogrify.c:183:14
    #10 0x514a27 in MagickMain magick.c:149:10
    #11 0x514481 in main magick.c:180:10
    #12 0x7f431637af44 in __libc_start_main libc-start.c:287

testcase:
https://github.com/jgj212/poc/blob/master/memory-leak-ReadDIBImage

Credit: ADLab of Venustech
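
A triage sketch for the LeakSanitizer report above, added here as an example and not part of the original issue or of ImageMagick: it parses the leak records and attributes each leak to the first frame that is not an allocator wrapper, which is the code responsible for freeing the block. The wrapper list and the names `parse_leaks`, `owning_frame` and `triage` are assumptions of this example.

```python
import re

# Constructed sample: the report from the issue above, cut to its first five frames.
REPORT = """\
==16890==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x4deea6 in __interceptor_malloc asan_malloc_linux.cc:66
    #1 0x7f431c55efd6 in AcquireMagickMemory memory.c:463:10
    #2 0x7f431c55f038 in AcquireQuantumMemory memory.c:536:10
    #3 0x7f431c8cafd8 in ReadDIBImage dib.c:615:38
    #4 0x7f431c339788 in ReadImage constitute.c:497:13
"""

# Assumption: these frames only forward the allocation and never own the block.
ALLOC_WRAPPERS = {"__interceptor_malloc", "AcquireMagickMemory", "AcquireQuantumMemory"}

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$")

def parse_leaks(text):
    """Return one dict per leak record with its kind, size and stack frames."""
    leaks = []
    for line in text.splitlines():
        m, f = LEAK_RE.match(line), FRAME_RE.match(line)
        if m:
            leaks.append({"kind": m.group(1), "bytes": int(m.group(2)),
                          "objects": int(m.group(3)), "frames": []})
        elif f and leaks:
            # Keep (function, source file, line); the column is dropped.
            leaks[-1]["frames"].append((f.group(2), f.group(3), int(f.group(4))))
    return leaks

def owning_frame(leak):
    """First frame that is not an allocator wrapper, or None if all are."""
    for func, src, line in leak["frames"]:
        if func not in ALLOC_WRAPPERS:
            return func, src, line
    return None

def triage(text):
    """Sum leaked bytes per owning call site so repeated reports collapse."""
    sites = {}
    for leak in parse_leaks(text):
        site = owning_frame(leak)
        sites[site] = sites.get(site, 0) + leak["bytes"]
    return sites

print(triage(REPORT))
```
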

@mikayla-grace


commented Jun 24, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jun 24, 2017

Cristy

dlemstra pushed a commit that referenced this issue Jun 24, 2017

Cristy

@dlemstra dlemstra closed this Jun 24, 2017

@dlemstra dlemstra added the bug label Jun 24, 2017
