Memory-Leak in ReadOnePNGImage() coders/png.c #582

Closed
lcatro opened this Issue Jul 18, 2017 · 6 comments

lcatro commented Jul 18, 2017

Crash Link : https://raw.githubusercontent.com/lcatro/My_PoC/master/ImageMagick/memory-leak_output_art_ReadOnePNGImage

Trigger Command : ./magick convert memory-leak_output_art_ReadOnePNGImage output.art

Crash Detail :

fuzzing@ubuntu:~/fuzzing/ImageMagick/utilities$ ./magick convert memory-leak_output_art_ReadOnePNGImage output.art
gamma = (3846543/100000)wx=39594.542969, wy=0.329000, rx=0.640000, ry=0.614160
gx=0.300000, gy=0.600000, bx=0.150000, by=0.060000
convert: UnableToOpenConfigureFile `magic.xml' @ warning/configure.c/GetConfigureOptions/715.
convert: Ignoring incorrect gAMA value when sRGB is also present `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring incorrect cHRM value when sRGB is also present `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: Ignoring bad adaptive filter type `memory-leak_output_art_ReadOnePNGImage' @ warning/png.c/MagickPNGWarningHandler/1693.
convert: incorrect data check `memory-leak_output_art_ReadOnePNGImage' @ error/png.c/MagickPNGErrorHandler/1660.

=================================================================
==53617==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x7f4833557602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f4832a55dba in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4832adf331 in AcquireQuantumInfo MagickCore/quantum.c:118
    #3 0x7f4832e59e27 in ReadOnePNGImage coders/png.c:3291
    #4 0x7f4832e5d499 in ReadPNGImage coders/png.c:4156
    #5 0x7f48328a80cd in ReadImage MagickCore/constitute.c:497
    #6 0x7f48328aa2cc in ReadImages MagickCore/constitute.c:866
    #7 0x7f483206507d in ConvertImageCommand MagickWand/convert.c:641
    #8 0x7f48321f3d68 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017f1 in MagickMain utilities/magick.c:149
    #10 0x4019d2 in main utilities/magick.c:180
    #11 0x7f483196882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 3174 byte(s) in 6 object(s) allocated from:
    #0 0x7f4833557602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f4832a55dba in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4832a55e0e in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f4832adf77a in AcquireQuantumPixels MagickCore/quantum.c:175
    #4 0x7f4832ae145e in SetQuantumDepth MagickCore/quantum.c:693
    #5 0x7f4832ae167a in SetQuantumEndian MagickCore/quantum.c:733
    #6 0x7f4832e59e73 in ReadOnePNGImage coders/png.c:3296
    #7 0x7f4832e5d499 in ReadPNGImage coders/png.c:4156
    #8 0x7f48328a80cd in ReadImage MagickCore/constitute.c:497
    #9 0x7f48328aa2cc in ReadImages MagickCore/constitute.c:866
    #10 0x7f483206507d in ConvertImageCommand MagickWand/convert.c:641
    #11 0x7f48321f3d68 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x4017f1 in MagickMain utilities/magick.c:149
    #13 0x4019d2 in main utilities/magick.c:180
    #14 0x7f483196882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f4833558076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #1 0x7f4832b39f83 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f4832b3a03f in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f4832ae0436 in GetQuantumInfo MagickCore/quantum.c:427
    #4 0x7f4832adf45b in AcquireQuantumInfo MagickCore/quantum.c:122
    #5 0x7f4832e59e27 in ReadOnePNGImage coders/png.c:3291
    #6 0x7f4832e5d499 in ReadPNGImage coders/png.c:4156
    #7 0x7f48328a80cd in ReadImage MagickCore/constitute.c:497
    #8 0x7f48328aa2cc in ReadImages MagickCore/constitute.c:866
    #9 0x7f483206507d in ConvertImageCommand MagickWand/convert.c:641
    #10 0x7f48321f3d68 in MagickCommandGenesis MagickWand/mogrify.c:183
    #11 0x4017f1 in MagickMain utilities/magick.c:149
    #12 0x4019d2 in main utilities/magick.c:180
    #13 0x7f483196882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f4833557602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f4832a55dba in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4832a55e0e in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f4832adf639 in AcquireQuantumPixels MagickCore/quantum.c:166
    #4 0x7f4832ae145e in SetQuantumDepth MagickCore/quantum.c:693
    #5 0x7f4832ae167a in SetQuantumEndian MagickCore/quantum.c:733
    #6 0x7f4832e59e73 in ReadOnePNGImage coders/png.c:3296
    #7 0x7f4832e5d499 in ReadPNGImage coders/png.c:4156
    #8 0x7f48328a80cd in ReadImage MagickCore/constitute.c:497
    #9 0x7f48328aa2cc in ReadImages MagickCore/constitute.c:866
    #10 0x7f483206507d in ConvertImageCommand MagickWand/convert.c:641
    #11 0x7f48321f3d68 in MagickCommandGenesis MagickWand/mogrify.c:183
    #12 0x4017f1 in MagickMain utilities/magick.c:149
    #13 0x4019d2 in main utilities/magick.c:180
    #14 0x7f483196882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 3438 byte(s) leaked in 9 allocation(s).
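
A triage sketch for the LeakSanitizer report above, added here and not part of the original issue or of ImageMagick's code: it groups the leak records by the first stack frame under `coders/` and checks the totals against the SUMMARY line. `REPORT` is an excerpt of the trace above with the frames below `ReadOnePNGImage` trimmed; `parse_leaks` and `group_by_site` are names chosen for this example.

```python
import re

# Excerpt of the report in this issue; each stack is cut after the
# ReadOnePNGImage frame (the remaining frames are identical in every record).
REPORT = """\
Direct leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x7f4833557602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f4832a55dba in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4832adf331 in AcquireQuantumInfo MagickCore/quantum.c:118
    #3 0x7f4832e59e27 in ReadOnePNGImage coders/png.c:3291

Indirect leak of 3174 byte(s) in 6 object(s) allocated from:
    #0 0x7f4833557602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f4832a55dba in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4832a55e0e in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f4832adf77a in AcquireQuantumPixels MagickCore/quantum.c:175
    #4 0x7f4832ae145e in SetQuantumDepth MagickCore/quantum.c:693
    #5 0x7f4832ae167a in SetQuantumEndian MagickCore/quantum.c:733
    #6 0x7f4832e59e73 in ReadOnePNGImage coders/png.c:3296

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f4833558076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
    #1 0x7f4832b39f83 in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7f4832b3a03f in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7f4832ae0436 in GetQuantumInfo MagickCore/quantum.c:427
    #4 0x7f4832adf45b in AcquireQuantumInfo MagickCore/quantum.c:122
    #5 0x7f4832e59e27 in ReadOnePNGImage coders/png.c:3291

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f4833557602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f4832a55dba in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7f4832a55e0e in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7f4832adf639 in AcquireQuantumPixels MagickCore/quantum.c:166
    #4 0x7f4832ae145e in SetQuantumDepth MagickCore/quantum.c:693
    #5 0x7f4832ae167a in SetQuantumEndian MagickCore/quantum.c:733
    #6 0x7f4832e59e73 in ReadOnePNGImage coders/png.c:3296

SUMMARY: AddressSanitizer: 3438 byte(s) leaked in 9 allocation(s).
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")


def parse_leaks(report):
    """Return (leaks, summary): one dict per leak record and (bytes, allocations)."""
    leaks, summary = [], None
    for line in report.splitlines():
        if m := HEADER.match(line):
            leaks.append({"kind": m[1], "bytes": int(m[2]),
                          "objects": int(m[3]), "frames": []})
        elif (m := FRAME.match(line)) and leaks:
            leaks[-1]["frames"].append((m[1], m[2]))  # (function, location)
        elif m := SUMMARY.match(line):
            summary = (int(m[1]), int(m[2]))
    return leaks, summary


def group_by_site(leaks, prefix="coders/"):
    """Sum leaks per first frame whose source path starts with `prefix`.

    That frame is the decoder call site that owns the allocation; the frame
    just above it in the stack names the allocator it called ("via").
    """
    sites = {}
    for leak in leaks:
        frames = leak["frames"]
        idx = next((i for i, (_, loc) in enumerate(frames)
                    if loc.startswith(prefix)), None)
        key = "<no frame under %s>" % prefix if idx is None else "%s %s" % frames[idx]
        site = sites.setdefault(key, {"bytes": 0, "objects": 0, "via": set()})
        site["bytes"] += leak["bytes"]
        site["objects"] += leak["objects"]
        if idx:  # idx > 0: there is a callee frame above the site
            site["via"].add(frames[idx - 1][0])
    return sites


if __name__ == "__main__":
    leaks, summary = parse_leaks(REPORT)
    for site, info in group_by_site(leaks).items():
        print(site, info["bytes"], "bytes,", info["objects"], "objects via", sorted(info["via"]))
    print("summary:", summary)
```

Every record roots at two adjacent lines of `ReadOnePNGImage`, reached through `AcquireQuantumInfo` and `SetQuantumEndian`, which matches the changelog entries below that attribute the leak to `quantum_info`.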
mikayla-grace commented Jul 18, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jul 18, 2017

@dlemstra dlemstra added the bug label Jul 18, 2017

@dlemstra dlemstra closed this Jul 18, 2017

bastien-roucaries commented Jul 27, 2017

Is it v7 only?

lcatro commented Jul 28, 2017

@bastien-roucaries My source is v7; I have not tried to reproduce it in v6.

glennrp commented Jul 28, 2017

IM6 is still leaking; I'll patch it later today.

glennrp commented Jul 28, 2017

IM6 fixed by commit 4e81160

@dlemstra dlemstra closed this Jul 28, 2017

bastien-roucaries commented Jul 29, 2017

CVE-2017-11539

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Sep 9, 2017

Update to 6.9.9.11
Changelog:
2017-09-03  6.9.9-11 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-11, GIT revision 11969:a12fbb873:20170903.

2017-08-28  6.9.9-11 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Don't overwrite symbolic links when the shred policy is enabled.

2017-08-27  6.9.9-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-10, GIT revision 11936:a8112a821:20170827.

2017-08-26  6.9.9-10 Dirk Lemstra <dirk@lem.....org>
  * Fixed thread safety issue inside the pango and librsvg decoder
    (reference: dlemstra/Magick.NET#91).

2017-08-20  6.9.9-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-9, GIT revision 11915:5205bda17:20170820.

2017-08-18  6.6.9-9 Glenn Randers-Pehrson <glennrp@image...>
  * Fixed bug with writing tIME chunk when timezone has a negative offset
    (reference: ImageMagick/ImageMagick#685).

2017-08-18  6.9.9-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-8, GIT revision 11906:26078285f:20170818.

2017-08-18  6.9.9-8 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-08-12  6.9.9-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-7, GIT revision 11893:8c4c56a0e:20170812
    (Windows binaries out of sync).

2017-08-10  6.9.9-6 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-6, GIT revision 11886:af2b102db:20170810.

2017-08-10  6.9.9-6 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-08-10  6.9.9-6 Glenn Randers-Pehrson <glennrp@image...>
  * tests/validate.c: Show the reason for failures in the test logs,
    if available.

2017-08-03  6.9.9-6 Glenn Randers-Pehrson <glennrp@image...>
  * Put UTC time in the PNG tIME chunk instead of local time (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32447).

2017-08-02  6.9.9-5 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-5, GIT revision 11858:7a555e53f:20170802.

2017-08-01  6.9.9-5 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-07-29  6.9.9-5 Glenn Randers-Pehrson <glennrp@image...>
  * Properly set image->colorspace in the PNG decoder (previously
    it was setting image->gamma, but only setting image->colorspace
    for grayscale and gray-alpha images.  Reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32418).
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    ImageMagick/ImageMagick#632).

2017-07-29  6.9.9-5 Cristy  <quetzlzacatenango@image...>
  * Off by one error for gradient coder (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32416).

2017-07-28  6.9.9-4 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-4, GIT revision 11833:4e81160d6:20170728.

2017-07-25  6.9.9-4 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * coders/png.c: Initialized quantum_scanline to prevent a bad free
    (reference ImageMagick/ImageMagick#621).

2017-07-24  6.9.9-4 Glenn Randers-Pehrson <glennrp@image...>
  * Removed write_chunk_from_profile() from coders/png.c because it
    has not worked at least since version 6.7.6.
  * Removed many redundant checks before RelinquishMagickMemory(),
    which is safe to call with a NULL argument.
  * Removed vpAg chunk write support (we are now writing caNv instead).
  * coders/png.c: Initialized quantum_info to prevent memory leakage
    (reference ImageMagick/ImageMagick#582,
    CVE-2017-11539).
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    ImageMagick/ImageMagick#586).

2017-07-24  6.9.9-3 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-3, GIT revision 11809:2bd88257b:20170724.

2017-07-23  6.9.9-3 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-07-23  6.9.9-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    ImageMagick/ImageMagick#600).
    ImageMagick/ImageMagick#602).

2017-07-22  6.9.9-2 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-2, GIT revision 11786:21b23bf09:20170722.

2017-07-22  6.9.9-2 Cristy  <quetzlzacatenango@image...>
  * composite -dissolve works again reference
    ImageMagick/ImageMagick#597).

2017-07-21  6.9.9-1 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-1, GIT revision 11782:75f7e994e:20170721.

2017-07-19  6.9.9-1 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-07-15  6.9.9-1 Glenn Randers-Pehrson <glennrp@image...>
  * Don't write a hex-encoded Exif profile when writing the eXIf chunk.
  * Added caNv, eXIf, and pHYs to the list of PNG chunks to be removed
    by the "-strip" option.

2017-07-15  6.9.9-0 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.9-0, GIT revision 11738:8903861b2:20170715.

2017-07-13  6.9.9-0 Glenn Randers-Pehrson <glennrp@image...>
  * Implemented PNG eXIf chunk support.

2017-07-08  6.9.9-0 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Don't use variable float_t / double_t, bump SO (reference
    ImageMagick/ImageMagick#510).
  * Support DNG images with libraw delegate library.

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Sep 13, 2017

wiz
ImageMagick: update to 7.0.7.2.
2017-09-11  7.0.7-2 Glenn Randers-Pehrson <glennrp@image...>
  * Use signed integer arithmetic to calculate timezone corrections (reference
    ImageMagick/ImageMagick#685).

2017-09-09  7.0.7-1 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.7-1, GIT revision 21065:ab2194121:20170909.

2017-09-09  7.0.7-1 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-09-05 7.0.7-1 Dirk Lemstra <dirk@lem.....org>
  * Added -define tiff:write-layers=true to add support for writing layered
    tiff files.

2017-09-03  7.0.7-0 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.7-0, GIT revision 20996:2f8ac2203:20170903.

2017-08-28  7.0.7-0 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Don't overwrite symbolic links when the shred policy is enabled.

2017-08-27  7.0.6-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-10, GIT revision 20920:9940c367a:20170827.

2017-08-27  7.0.6-10 Cristy  <quetzlzacatenango@image...>
  * Support -metric ssim, structural similarity index.

2017-08-26  7.0.6-10 Dirk Lemstra <dirk@lem.....org>
  * Fixed thread safety issue inside the pango and librsvg decoder
    (reference: dlemstra/Magick.NET#91).

2017-08-20  7.0.6-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-9, GIT revision 20860:3f307d8ad:20170820.

2017-08-18  7.0.6-9 Glenn Randers-Pehrson <glennrp@image...>
  * Fixed bug with writing tIME chunk when timezone has a negative offset
    (reference: ImageMagick/ImageMagick#685)

2017-08-18  7.0.6-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-8, GIT revision 20838:e2eb79427:20170818.

2017-08-14  7.0.6-7 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Support CubicSpline resize filter.  Define the lobes with the
    -define filter:lobes={2,3,4} (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506).
  * Prevent assertion failure when creating PDF thumbnail (reference
    ImageMagick/ImageMagick#674).

2017-08-12  7.0.6-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-7, GIT revision 20799:0db4d8a16:20170812.

2017-08-12  7.0.6-7 Cristy  <quetzlzacatenango@image...>
  * Improve EPS aliasing (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32497).

2017-08-11  7.0.6-7 Dirk Lemstra <dirk@lem.....org>
  * Added a new option called 'dds:fast-mipmaps' (reference
    ImageMagick/ImageMagick#558)
  * The mipmaps of a dds image can now be created from a list of images with
    -define dds:mipmaps=fromlist (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=30236).

2017-08-10  7.0.6-6 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-6, GIT revision 20775:061d0fa25:20170810.

2017-08-10  7.0.6-6 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-08-10  7.0.6-6 Glenn Randers-Pehrson <glennrp@image...>
  * tests/validate.c: Show the reason for failures in the test logs,
    if available.

2017-08-03  7.0.6-6 Glenn Randers-Pehrson <glennrp@image...>
  * Put UTC time in the PNG tIME chunk instead of local time (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32447).

2017-08-02  7.0.6-5 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-5, GIT revision 20715:26b28d50a:20170802.

2017-08-01  7.0.6-5 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-07-29  7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Properly set image->colorspace in the PNG decoder (previously
    it was setting image->gamma, but only setting image->colorspace
    for grayscale and gray-alpha images.  Reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32418).
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    ImageMagick/ImageMagick#632).
  * Added "-define png:ignore-crc" option to PNG decoder. When you know
    your image has no CRC or ADLER32 errors, this can speed up decoding.
    It is also helpful in debugging bug reports from "fuzzers".

2017-07-29  7.0.6-5 Cristy  <quetzlzacatenango@image...>
  * Off by one error for gradient coder (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32416),
    ImageMagick/ImageMagick#612).

2017-07-28  7.0.6-4 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-4, GIT revision 20657:4e81160d6:20170728.

2017-07-24  7.0.6-4 Cristy  <quetzlzacatenango@image...>
  * YUV coder no longer renders streaks (reference
    ImageMagick/ImageMagick#612).
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    ImageMagick/ImageMagick#618 (CVE-2017-12676).
  * coders/png.c: Initialized quantum_scanline and quantum_info
    to prevent a bad free (reference
    ImageMagick/ImageMagick#621).

2017-07-25  7.0.6-4 Glenn Randers-Pehrson <glennrp@image...>
  * Removed write_chunk_from_profile() from coders/png.c because it has
    not worked at least since version 6.7.6.
  * Removed many redundant checks before RelinquishMagickMemory(), which
    is safe to call with a NULL argument.
  * Added experimental PNG orNT chunk, to store image->orientation.
  * Removed vpAg chunk write support (we are now writing caNv instead).

2017-07-24  7.0.6-3 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-3, GIT revision 20598:cc9c43b44:20170724.

2017-07-23  7.0.6-3 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    ImageMagick/ImageMagick#600 (CVE-2017-13141),
    ImageMagick/ImageMagick#602 (CVE-2017-12565).

2017-07-21  7.0.6-2 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-2, GIT revision 20549:62fcf3d96:20170721.

2017-07-19  7.0.6-2 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * The -monochrome option no longer returns a blank canvas (reference
    ImageMagick/ImageMagick#594).
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    ImageMagick/ImageMagick#582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    ImageMagick/ImageMagick#586).

2017-07-15  7.0.6-2 Glenn Randers-Pehrson <glennrp@image...>
  * Added caNv, eXIf, and pHYs to the list of PNG chunks to be removed
    by the "-strip" option.

2017-07-15  7.0.6-1 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-1, GIT revision 20447:c2a315e10:20170715.

2017-07-13  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Implemented PNG eXIf chunk support.

2017-07-08  7.0.6-1 Cristy  <quetzlzacatenango@image...>
  * Support new -auto-threshold option.  OTSU and Triangle methods are
    currently supported.  Look for the Kapur method in the next release.
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues).
  * Don't use variable float_t / double_t, bump SO (reference
    ImageMagick/ImageMagick#510).
  * Support DNG images with libraw delegate library.

2017-07-02  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Reject PNG file that is too small (under 60 bytes) to contain
    a valid image.
  * Reject JPEG file that is too small (under 107 bytes) to contain
    a valid image.
  * Reject JNG file that is too small (under 147 bytes) to contain
    a valid image.

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    ImageMagick/ImageMagick#517,
    CVE 2017-11310).

buildroot-auto-update pushed a commit to buildroot/buildroot that referenced this issue Sep 17, 2017

package/imagemagick: security bump to version 7.0.7-1
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    ImageMagick/ImageMagick#632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    ImageMagick/ImageMagick#618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    ImageMagick/ImageMagick#600 (CVE-2017-13141),
    ImageMagick/ImageMagick#602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    ImageMagick/ImageMagick#582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    ImageMagick/ImageMagick#586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    ImageMagick/ImageMagick#517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

buildroot-auto-update pushed a commit to buildroot/buildroot that referenced this issue Sep 21, 2017

package/imagemagick: security bump to version 7.0.7-1
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    ImageMagick/ImageMagick#632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    ImageMagick/ImageMagick#618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    ImageMagick/ImageMagick#600 (CVE-2017-13141),
    ImageMagick/ImageMagick#602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    ImageMagick/ImageMagick#582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    ImageMagick/ImageMagick#586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    ImageMagick/ImageMagick#517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1cf1b98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

buildroot-auto-update pushed a commit to buildroot/buildroot that referenced this issue Oct 16, 2017

package/imagemagick: security bump to version 7.0.7-1
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    ImageMagick/ImageMagick#632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    ImageMagick/ImageMagick#618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    ImageMagick/ImageMagick#600 (CVE-2017-13141),
    ImageMagick/ImageMagick#602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    ImageMagick/ImageMagick#582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    ImageMagick/ImageMagick#586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    ImageMagick/ImageMagick#517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 1cf1b98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>