memory exhaustion in ReadPCXImage #536
Labels
Comments
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
dlemstra
pushed a commit
that referenced
this issue
Jul 4, 2017
dlemstra
pushed a commit
that referenced
this issue
Jul 4, 2017
|
This was assigned CVE-2017-12432. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version: ImageMagick 7.0.6-1 Q16 x86_64
#./magick identify $FILE
When identify PCX file , imagemagick will allocate memory to store the data.
Here is the critical code:
pixel_info=AcquireVirtualMemory(pcx_packets,2*sizeof(*pixels)); //406pcx_packets can be controlled as follow:
pcx_info.planes can be read from input file
pcx_info.planes=(unsigned char) ReadBlobByte(image); //358Here is my policy.xml to limit memory usage,but 256MB limit can be bypassed.
testcase:https://github.com/bestshow/p0cs/blob/master/memory_exhaustion_in_ReadPCXImage
Creadit : ADLab of Venustech
The text was updated successfully, but these errors were encountered: