New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
endless loop in ReadTXTImage #591
Comments
|
Did you opened a CVE ? |
|
@bastien-roucaries I'm sorry, I can not understand it. what is the right meaning? |
|
@jgj212 他是不是想问这个崩溃有没有申请过CVE 呀.. |
|
@bastien-roucaries I find this bug right now, i have not request a CVE-ID for this. @lcatro 多谢兄台,那句话太短了,翻译看不懂,汗 |
|
@jgj212 哈哈哈我猜的,刚才他也在我的issue 问过一回.你前面的崩溃去申请CVE 有通过吗,我星期一提交到现在都还没回邮件,提交GraphicsMagick 一天就搞定了.. |
|
@lcatro 感觉这个完全看脸,我还有大半年了都还挂起的 |
|
@jgj212 估计是给刷到不想收了吧,看到你们都跑出了很多,是不是有60 个CVE 了.. |
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
|
This issue has been assigned CVE-2017-11523 |
|
@lcatro 总数没算过,好多都迟迟没下来,囧了 |
|
@jgj212 哈哈大兄弟加油,AD 实验室真的厉害 |
|
@lcatro 大企鹅的实力也是爆棚 |
Version: ImageMagick 7.0.6-2 Q16 x86_64
$magick convert cpu-ReadTXTImage 1.bmp
Here is the critical code
If text image file only contains "MagickID..." line, it will cause ReadTXTImage to infinite loop.
testcase: https://github.com/jgj212/poc/blob/master/cpu-ReadTXTImage
Credit: ADLab of Venustech
The text was updated successfully, but these errors were encountered: