memory leak in ReadOneJNGImage #618
Labels
Comments
|
Confirmed that this bug is present in IM-7.0.6-3 and IM-6.9.9-3 |
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
dlemstra
pushed a commit
that referenced
this issue
Jul 25, 2017
dlemstra
pushed a commit
that referenced
this issue
Jul 25, 2017
dlemstra
pushed a commit
that referenced
this issue
Jul 25, 2017
|
Please open a CVE |
|
This was assigned CVE-2017-12676 |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Sep 13, 2017
2017-09-11 7.0.7-2 Glenn Randers-Pehrson <glennrp@image...>
* Use signed integer arithmetic to caluculate timezone corrections (reference
ImageMagick/ImageMagick#685).
2017-09-09 7.0.7-1 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-1, GIT revision 21065:ab2194121:20170909.
2017-09-09 7.0.7-1 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
2017-09-05 7.0.7-1 Dirk Lemstra <dirk@lem.....org>
* Added -define tiff:write-layers=true to add support for writing layered
tiff files.
2017-09-03 7.0.7-0 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.7-0, GIT revision 20996:2f8ac2203:20170903.
2017-08-28 7.0.7-0 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
* Don't overwrite symbolic links when the shred policy is enabled.
2017-08-27 7.0.6-10 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-10, GIT revision 20920:9940c367a:20170827.
2017-08-27 7.0.6-10 Cristy <quetzlzacatenango@image...>
* Support -metric ssim, structual similarity index.
2017-08-26 7.0.6-10 Dirk Lemstra <dirk@lem.....org>
* Fixed thread safety issue inside the pango and librsvg decoder
(reference: dlemstra/Magick.NET#91).
2017-08-20 7.0.6-9 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-9, GIT revision 20860:3f307d8ad:20170820.
2017-08-18 7.0.6-9 Glenn Randers-Pehrson <glennrp@image...>
* Fixed bug with writing tIME chunk when timezone has a negative offset
(reference: ImageMagick/ImageMagick#685)
2017-08-18 7.0.6-8 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-8, GIT revision 20838:e2eb79427:20170818.
2017-08-14 7.0.6-7 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
* Support CubicSpline resize filter. Define the lobes with the
-define filter:lobes={2,3,4} (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506).
* Prevent assertion failure when creating PDF thumbnail (reference
ImageMagick/ImageMagick#674).
2017-08-12 7.0.6-7 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-7, GIT revision 20799:0db4d8a16:20170812.
2017-08-12 7.0.6-7 Cristy <quetzlzacatenango@image...>
* Improve EPS aliasing (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32497).
2017-08-11 7.0.6-7 Dirk Lemstra <dirk@lem.....org>
* Added a new option called 'dds:fast-mipmaps' (reference
ImageMagick/ImageMagick#558)
* The mipmaps of a dds image can now be created from a list of images with
-define dds:mipmaps=fromlist (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=30236).
2017-08-10 7.0.6-6 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-6, GIT revision 20775:061d0fa25:20170810.
2017-08-10 7.0.6-6 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
2017-08-10 7.0.6-6 Glenn Randers-Pehrson <glennrp@image...>
* tests/validate.c: Show the reason for failures in the test logs,
if available.
2017-08-03 7.0.6-6 Glenn Randers-Pehrson <glennrp@image...>
* Put UTC time in the PNG tIME chunk instead of local time (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32447).
2017-08-02 7.0.6-5 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-5, GIT revision 20715:26b28d50a:20170802.
2017-08-01 7.0.6-5 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
* Properly set image->colorspace in the PNG decoder (previously
it was setting image->gamma, but only setting image->colorspace
for grayscale and gray-alpha images. Reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32418).
* Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
ImageMagick/ImageMagick#632).
* Added "-define png:ignore-crc" option to PNG decoder. When you know
your image has no CRC or ADLER32 errors, this can speed up decoding.
It is also helpful in debugging bug reports from "fuzzers".
2017-07-29 7.0.6-5 Cristy <quetzlzacatenango@image...>
* Off by one error for gradient coder (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32416),
ImageMagick/ImageMagick#612).
2017-07-28 7.0.6-4 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-4, GIT revision 20657:4e81160d6:20170728.
2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
* YUV coder no longer renders streaks (reference
ImageMagick/ImageMagick#612).
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues) including
ImageMagick/ImageMagick#618 (CVE-2017-12676).
* coders/png.c: Initialized quantum_scanline and quantum_info
to prevent a bad free (reference
ImageMagick/ImageMagick#621).
2017-07-25 7.0.6-4 Glenn Randers-Pehrson <glennrp@image...>
* Removed write_chunk_from_profile() from coders/png.c because it has
not worked at least since version 6.7.6.
* Removed many redundant checks before RelinquishMagickMemory(), which
is safe to call with a NULL argument.
* Added experimental PNG orNT chunk, to store image->orientation.
* Removed vpAg chunk write support (we are now writing caNv instead).
2017-07-24 7.0.6-3 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-3, GIT revision 20598:cc9c43b44:20170724.
2017-07-23 7.0.6-3 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
2017-07-23 7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
* Fix memory leaks when reading a malformed JNG image:
ImageMagick/ImageMagick#600 (CVE-2017-13141),
ImageMagick/ImageMagick#602 (CVE-2017-12565).
2017-07-21 7.0.6-2 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-2, GIT revision 20549:62fcf3d96:20170721.
2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
* The -monochrome option no longer returns a blank canvas (reference
ImageMagick/ImageMagick#594).
* coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
ImageMagick/ImageMagick#582
* coders/png.c: fixed NULL dereference when trying to write an empty MNG
(CVE-2017-11522, reference
ImageMagick/ImageMagick#586).
2017-07-15 7.0.6-2 Glenn Randers-Pehrson <glennrp@image...>
* Added caNv, eXIf, and pHYs to the list of PNG chunks to be removed
by the "-strip" option.
2017-07-15 7.0.6-1 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.6-1, GIT revision 20447:c2a315e10:20170715.
2017-07-13 7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
* Implemented PNG eXIf chunk support.
2017-07-08 7.0.6-1 Cristy <quetzlzacatenango@image...>
* Support new -auto-threshold option. OTSU and Triangle methods are
currently supported. Look for the Kapur method in the next release.
* Fixed numerous memory leaks (reference
https://github.com/ImageMagick/ImageMagick/issues).
* Don't use variable float_t / double_t, bump SO (reference
ImageMagick/ImageMagick#510).
* Support DNG images with libraw delegate library.
2017-07-02 7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
* Reject PNG file that is too small (under 60 bytes) to contain
a valid image.
* Reject JPEG file that is too small (under 107 bytes) to contain
a valid image.
* Reject JNG file that is too small (under 147 bytes) to contain
a valid image.
2017-06-22 7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
* Stop a memory leak in read_user_chunk_callback() (reference
ImageMagick/ImageMagick#517,
CVE 2017-11310).
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Sep 17, 2017
Quoting CVE-related issues from https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog 2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...> * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference ImageMagick/ImageMagick#632). 2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...> * Fixed numerous memory leaks (reference https://github.com/ImageMagick/ImageMagick/issues) including ImageMagick/ImageMagick#618 (CVE-2017-12676). 2017-07-23 7.0.6-3 Glenn Randers-Pehrson <glennrp@image...> * Fix memory leaks when reading a malformed JNG image: ImageMagick/ImageMagick#600 (CVE-2017-13141), ImageMagick/ImageMagick#602 (CVE-2017-12565). 2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...> * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference ImageMagick/ImageMagick#582 * coders/png.c: fixed NULL dereference when trying to write an empty MNG (CVE-2017-11522, reference ImageMagick/ImageMagick#586). 2017-06-22 7.0.6-1 Glenn Randers-Pehrson <glennrp@image...> * Stop a memory leak in read_user_chunk_callback() (reference ImageMagick/ImageMagick#517, CVE 2017-11310). Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Sep 21, 2017
Quoting CVE-related issues from https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog 2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...> * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference ImageMagick/ImageMagick#632). 2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...> * Fixed numerous memory leaks (reference https://github.com/ImageMagick/ImageMagick/issues) including ImageMagick/ImageMagick#618 (CVE-2017-12676). 2017-07-23 7.0.6-3 Glenn Randers-Pehrson <glennrp@image...> * Fix memory leaks when reading a malformed JNG image: ImageMagick/ImageMagick#600 (CVE-2017-13141), ImageMagick/ImageMagick#602 (CVE-2017-12565). 2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...> * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference ImageMagick/ImageMagick#582 * coders/png.c: fixed NULL dereference when trying to write an empty MNG (CVE-2017-11522, reference ImageMagick/ImageMagick#586). 2017-06-22 7.0.6-1 Glenn Randers-Pehrson <glennrp@image...> * Stop a memory leak in read_user_chunk_callback() (reference ImageMagick/ImageMagick#517, CVE 2017-11310). Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 1cf1b98) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Oct 16, 2017
Quoting CVE-related issues from https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog 2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...> * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference ImageMagick/ImageMagick#632). 2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...> * Fixed numerous memory leaks (reference https://github.com/ImageMagick/ImageMagick/issues) including ImageMagick/ImageMagick#618 (CVE-2017-12676). 2017-07-23 7.0.6-3 Glenn Randers-Pehrson <glennrp@image...> * Fix memory leaks when reading a malformed JNG image: ImageMagick/ImageMagick#600 (CVE-2017-13141), ImageMagick/ImageMagick#602 (CVE-2017-12565). 2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...> * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference ImageMagick/ImageMagick#582 * coders/png.c: fixed NULL dereference when trying to write an empty MNG (CVE-2017-11522, reference ImageMagick/ImageMagick#586). 2017-06-22 7.0.6-1 Glenn Randers-Pehrson <glennrp@image...> * Stop a memory leak in read_user_chunk_callback() (reference ImageMagick/ImageMagick#517, CVE 2017-11310). Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 1cf1b98) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version: ImageMagick 7.0.6-3 Q16 x86_64
A memory leak vulnerability was found in function ReadOneJNGImage ,which allow attackers to cause a denial of service (memory leak) via a crafted file.
testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_ReadOneJNGImage_2.jng
Credit:ADLab of Venustech
The text was updated successfully, but these errors were encountered: