Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leak in ResizeMagickMemory #548

Closed
bestshow opened this issue Jul 7, 2017 · 2 comments

Comments

Projects
None yet
4 participants
@bestshow
Copy link

commented Jul 7, 2017

Version: ImageMagick 7.0.6-1 Q16 x86_64

The function ResizeMagickMemory in memory.c allows attackers to cause a denial of service (memory leak) via a crafted file.

#./magick identify $FILE
========================================
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x4e062d in realloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
    #1 0x7f22361abc49 in ResizeMagickMemory /home/haojun/ImageMagick-master/MagickCore/memory.c:1221:9
    #2 0x7f22361abc49 in ResizeQuantumMemory /home/haojun/ImageMagick-master/MagickCore/memory.c:1285
    #3 0x7f2235e8d154 in ReadImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:497:13
    #4 0x7f223657879f in ReadStream /home/haojun/ImageMagick-master/MagickCore/stream.c:1045:9
    #5 0x7f2235e8bd07 in PingImage /home/haojun/ImageMagick-master/MagickCore/constitute.c:226:9
    #6 0x7f223553b898 in IdentifyImageCommand /home/haojun/ImageMagick-master/MagickWand/identify.c:319:18
    #7 0x7f2235621f9b in MagickCommandGenesis /home/haojun/ImageMagick-master/MagickWand/mogrify.c:183:14
    #8 0x516867 in MagickMain /home/haojun/ImageMagick-master/utilities/magick.c:149:10
    #9 0x516867 in main /home/haojun/ImageMagick-master/utilities/magick.c:180
    #10 0x7f222fc60b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

SUMMARY: 4096 byte(s) leaked in 1 allocation(s).

testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_ResizeMagickMemory
Credit : ADLab of Venustech

@mikayla-grace

This comment has been minimized.

Copy link

commented Jul 7, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jul 7, 2017

Cristy

dlemstra pushed a commit that referenced this issue Jul 7, 2017

Cristy

@dlemstra dlemstra added the bug label Jul 7, 2017

@dlemstra dlemstra closed this Jul 7, 2017

@nohmask

This comment has been minimized.

Copy link

commented Sep 8, 2017

This was assigned CVE-2017-12433.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.