New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
memory exhausted in ReadWEBPImage #641
Comments
|
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow. |
|
The fix breaks reading all WebP images. Line 266 in the new code sets |
|
Create two CVE: one for the original issue and one for the null dereference |
|
And post CVE number here |
|
He has a remark about the fix that we applied that has not been released to the public yet. Why do we need a CVE for that? |
|
No if not yet public but mark clearly in changelog and commit that the fix is in fact two fix. Better will be to revert and redo and post here the correct fix |
|
Please use CVE-2017-14137 for the "ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header." issue. |
Version: ImageMagick 7.0.6-5 Q16 x86_64
Here is the critical code
Credit: ADLab of Venustech
The text was updated successfully, but these errors were encountered: