Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leak in CloneDrawInfo #544

Closed
bestshow opened this issue Jul 6, 2017 · 3 comments
Closed

memory leak in CloneDrawInfo #544

bestshow opened this issue Jul 6, 2017 · 3 comments
Labels

Comments

@bestshow
Copy link

bestshow commented Jul 6, 2017

Version: ImageMagick 7.0.6-1 Q16 x86_64

The function CloneDrawInfo in draw.c allows attackers to cause a denial of service (memory leak) via a crafted file.

#identify $FILE 

================================== 
Direct leak of 1080 byte(s) in 1 object(s) allocated from: 
    #0 0x4e0276 in __interceptor_malloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66 
    #1 0x7f0ddae47272 in CloneDrawInfo /home/haojun/ImageMagick-master/MagickCore/draw.c:252:27 
    #2 0x7f0ddad31154 in ReadImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:497:13 
    #3 0x7f0ddb41c79f in ReadStream /home/haojun/ImageMagick-master/MagickCore/stream.c:1045:9 
    #4 0x7f0ddad2fd07 in PingImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:226:9 
    #5 0x7f0dda3df898 in IdentifyImageCommand /home/haojun/ImageMagick-master/MagickWand/identify.c:319:18 
    #6 0x7f0dda4c5f9b in MagickCommandGenesis /home/haojun/ImageMagick-master/MagickWand/mogrify.c:183:14 
    #7 0x516867 in MagickMain /home/haojun/ImageMagick-master/utilities/magick.c:149:10 
    #8 0x516867 in main /home/haojun/ImageMagick-master/utilities/magick.c:180 
    #9 0x7f0dd4b04b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274 

SUMMARY: 1080 byte(s) leaked in 1 allocation(s). 

testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_CloneDrawInfo
Credit:ADLab of Venustech

@mikayla-grace
Copy link

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@bastien-roucaries
Copy link

@nohmask
Copy link

nohmask commented Sep 8, 2017

This was assigned CVE-2017-12428.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

5 participants