heap buffer overflow in ReadOneMNGImage #542
Comments
Out-of-bounds READ or WRITE? Can you provide the ASAN output please?

@attritionorg out-of-bounds read

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

The same vulnerability existed with the CLIP chunk. I've checked in a fix.

This was assigned CVE-2017-12640.

Version: ImageMagick 7.0.6-1 Q16 x86_64
$magick identify $FILE
Here is the critical code
So a crafted file will cause an x_off[i] out-of-bounds operation vulnerability.
POC: https://github.com/jgj212/poc/blob/master/heap-mng
Credit: ADLab of Venustech