Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leak in ReadImage #616

Closed
bestshow opened this issue Jul 25, 2017 · 3 comments
Closed

memory leak in ReadImage #616

bestshow opened this issue Jul 25, 2017 · 3 comments
Labels

Comments

@bestshow
Copy link

Version: ImageMagick 7.0.6-3 Q16 x86_64

A memory leak vulnerability was found in function ReadImage ,which allow attackers to cause a denial of service (memory leak) via a crafted file.

=================================================================
==79900==ERROR: detected memory leaks

Direct leak of 13024 byte(s) in 1 object(s) allocated from:
    #0 0x4eb9c6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x52b585 in AcquireImageInfo /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/image.c:347:28
    #2 0xde14b1 in ReadImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:497:13
    #3 0x13168be in ReadStream /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/stream.c:1045:9
    #4 0xde0261 in PingImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:226:9
    #5 0x165a325 in IdentifyImageCommand /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/identify.c:319:18
    #6 0x172df58 in MagickCommandGenesis /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/mogrify.c:183:14
    #7 0x521ccd in MagickMain /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:149:10
    #8 0x521ccd in main /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:180
    #9 0x7fd408a75b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
    #0 0x4eb9c6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0xd40982 in AcquirePixelCache /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/cache.c:195:28
    #2 0xde0261 in PingImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:226:9
    #3 0x165a325 in IdentifyImageCommand /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/identify.c:319:18
    #4 0x172df58 in MagickCommandGenesis /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/mogrify.c:183:14
    #5 0x521ccd in MagickMain /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:149:10
    #6 0x521ccd in main /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:180
    #7 0x7fd408a75b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

......

SUMMARY: 22634 byte(s) leaked in 11 allocation(s).

testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_ReadImage.mat
Credit:ADLab of Venustech

@mikayla-grace
Copy link

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

@bastien-roucaries
Copy link

Please open a CVE

@nohmask
Copy link

nohmask commented Sep 8, 2017

This was assigned CVE-2017-12675.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

5 participants