imagemagick identify&convert heap-buffer-overflow #538
When identifying or converting an MNG file, ImageMagick will cause a heap buffer overflow.
The vulnerability is triggered when identifying an MNG image; it happens in the function mng_get_long (coders/png.c:1636), which is called from line 5741 of coders/png.c.
It is caused by a heap buffer overflow, which is caused by a read operation without an overflow check.
By setting a proper length and repeat value, it is possible to disclose some critical data, such as heap chunk data and even other applications’ private data.
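
The missing check described in the report, as an added defensive example (not ImageMagick's code and not its fix): a big-endian 32-bit reader that refuses to read past the end of a chunk payload. The `chunk_reader` type and both function names are hypothetical, and the count-prefixed array is an assumed layout standing in for a length or repeat value taken from the file.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cursor over one chunk's payload; not an ImageMagick type. */
typedef struct {
    const unsigned char *data;  /* start of the chunk payload */
    size_t length;              /* bytes actually held in the buffer */
    size_t offset;              /* next unread byte */
} chunk_reader;

/* Read a 4-byte big-endian value only if all four bytes lie inside the
   payload. Returns 1 on success, 0 if the read would run past the end. */
int chunk_read_u32(chunk_reader *r, uint32_t *out)
{
    /* Subtraction form: offset + 4 could wrap, length - offset cannot. */
    if (r->offset > r->length || r->length - r->offset < 4)
        return 0;
    const unsigned char *p = r->data + r->offset;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    r->offset += 4;
    return 1;
}

/* Read `count` consecutive 32-bit fields, where `count` comes from the
   file. The declared count is checked against the bytes that really
   remain (and against the destination capacity) before any read. */
int chunk_read_u32_array(chunk_reader *r, uint32_t count,
                         uint32_t *dst, size_t dst_cap)
{
    if (r->offset > r->length)
        return 0;
    size_t remaining = r->length - r->offset;
    if (count > dst_cap || count > remaining / 4)
        return 0;               /* declared count exceeds the real data */
    for (uint32_t i = 0; i < count; i++)
        if (!chunk_read_u32(r, &dst[i]))
            return 0;
    return 1;
}
```

A failed read leaves `offset` unchanged, so the caller can reject the chunk without having consumed partial data.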