Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memory leak in ReadSVGImage #603

Closed
bestshow opened this issue Jul 23, 2017 · 2 comments
Closed

memory leak in ReadSVGImage #603

bestshow opened this issue Jul 23, 2017 · 2 comments
Labels
bug

Comments

@bestshow
Copy link

Version: ImageMagick 7.0.6-2 Q16 x86_64

The ReadSVGImage function in svg.c:3273 allows attackers to cause a denial of service (memory leak) via a crafted file.

#./convert $FILE OUT.png
=================================================================
==27773==ERROR: detected memory leaks

Direct leak of 1080 byte(s) in 1 object(s) allocated from:
    #0 0x4eb9c6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0xf00642 in CloneDrawInfo /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/draw.c:252:27
    #2 0xdeb41c in ReadImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:497:13
    #3 0xae37fd in ReadSVGImage /home/test/Downloads/IM-afl/ImageMagick-master/coders/svg.c:3273:13
    #4 0xdeb41c in ReadImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:497:13
    #5 0xdef98d in ReadImages /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:866:9
    #6 0x1563cf7 in ConvertImageCommand /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/convert.c:641:18
    #7 0x173f78a in MagickCommandGenesis /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/mogrify.c:183:14
    #8 0x521f3d in MagickMain /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:149:10
    #9 0x521f3d in main /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:180
    #10 0x7fd030ab1b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

SUMMARY: 1080 byte(s) leaked in 1 allocation(s).

testcase : https://github.com/bestshow/p0cs/blob/master/memory_leak_in_ReadSVGImage.svg
Credit : ADLab of Venustech
@mikayla-grace
Copy link

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

dlemstra pushed a commit that referenced this issue Jul 23, 2017
https://github.com/ImageMagick/ImageMagick/issues/603
2477eac
dlemstra pushed a commit that referenced this issue Jul 23, 2017
https://github.com/ImageMagick/ImageMagick/issues/603
27b3b9c
@dlemstra dlemstra added the bug label Jul 23, 2017
@nohmask
Copy link

nohmask commented Sep 8, 2017

This was assigned CVE-2017-12566.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bestshow @dlemstra @mikayla-grace @nohmask