-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crash in ImageMagick write palm format image #560
Comments
Can you add the output from the AddressSanitizer? Make sure you remove the # 1 parts because you will otherwise reference issues. |
@dlemstra I'm compiler this execute file with ASAN but it had not output any crash detail (and using valgrind too ) ,so I can't provide valuable information . |
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
This is CVE-2017-11537 |
Crash Link : https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/FPE--0x7eff23c45e38_output_palm_1500208096.66
Trigger Command : ./magick convert FPE--0x7eff23c45e38_output_palm_1500208096.66 output.palm
Crash Detail :
fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert all_fuzzing_format_2017_7_16_5_13_10/crash/FPE--0x7eff23c45e38_output_palm_1500208096.66 output.palm
Aborted (core dumped)
The text was updated successfully, but these errors were encountered: