memory leak in ResizeMagickMemory

[bestshow]

Version: ImageMagick 7.0.6-1 Q16 x86_64

The function ResizeMagickMemory in memory.c allows attackers to cause a denial of service (memory leak) via a crafted file.

#./magick identify $FILE
========================================
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x4e062d in realloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
    #1 0x7f22361abc49 in ResizeMagickMemory /home/haojun/ImageMagick-master/MagickCore/memory.c:1221:9
    #2 0x7f22361abc49 in ResizeQuantumMemory /home/haojun/ImageMagick-master/MagickCore/memory.c:1285
    #3 0x7f2235e8d154 in ReadImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:497:13
    #4 0x7f223657879f in ReadStream /home/haojun/ImageMagick-master/MagickCore/stream.c:1045:9
    #5 0x7f2235e8bd07 in PingImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:226:9
    #6 0x7f223553b898 in IdentifyImageCommand /home/haojun/ImageMagick-master/MagickWand/identify.c:319:18
    #7 0x7f2235621f9b in MagickCommandGenesis /home/haojun/ImageMagick-master/MagickWand/mogrify.c:183:14
    #8 0x516867 in MagickMain /home/haojun/ImageMagick-master/utilities/magick.c:149:10
    #9 0x516867 in main /home/haojun/ImageMagick-master/utilities/magick.c:180
    #10 0x7f222fc60b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

SUMMARY: 4096 byte(s) leaked in 1 allocation(s).

testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_ResizeMagickMemory
Credit : ADLab of Venustech

[mikayla-grace]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

[nohmask]

This was assigned CVE-2017-12433.