You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A memory leak vulnerability was found in function ReadMATImage ,which allow attackers to cause a denial of service via a crafted file.
#./identify $FILE
==10190==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 13024 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7f87c406b566 in AcquireMagickMemory memory.c:464:10
#2 0x7f87c401bba3 in AcquireImageInfo image.c:347:28
#3 0x7f87c4024d13 in CloneImageInfo image.c:952:14
#4 0x7f87c445227a in ReadMATImage mat.c:958:16
#5 0x7f87c3e45a68 in ReadImage constitute.c:497:13
#6 0x7f87c41def59 in ReadStream stream.c:1045:9
#7 0x7f87c3e4460f in PingImage constitute.c:226:9
#8 0x7f87c3e44db3 in PingImages constitute.c:327:10
#9 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#10 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#11 0x514a47 in MagickMain magick.c:149:10
#12 0x5144a1 in main magick.c:180:10
#13 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7f87c406b566 in AcquireMagickMemory memory.c:464:10
#2 0x7f87c406b5c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7f87c3dc7164 in AcquirePixelCache cache.c:195:28
#4 0x7f87c41debec in ReadStream stream.c:1027:20
#5 0x7f87c3e4460f in PingImage constitute.c:226:9
#6 0x7f87c3e44db3 in PingImages constitute.c:327:10
#7 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#8 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7f87c406b566 in AcquireMagickMemory memory.c:464:10
#2 0x7f87c406b5c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7f87c3dc7c24 in AcquirePixelCacheNexus cache.c:268:31
#4 0x7f87c3dc7684 in AcquirePixelCache cache.c:211:26
#5 0x7f87c41debec in ReadStream stream.c:1027:20
#6 0x7f87c3e4460f in PingImage constitute.c:226:9
#7 0x7f87c3e44db3 in PingImages constitute.c:327:10
#8 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#9 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#10 0x514a47 in MagickMain magick.c:149:10
#11 0x5144a1 in main magick.c:180:10
#12 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7f87c406b566 in AcquireMagickMemory memory.c:464:10
#2 0x7f87c41beee5 in NewSplayTree splay-tree.c:1106:32
#3 0x7f87c41beb14 in CloneSplayTree splay-tree.c:359:14
#4 0x7f87c409bff5 in CloneImageOptions option.c:1880:27
#5 0x7f87c40265c4 in CloneImageInfo image.c:1007:10
#6 0x7f87c445227a in ReadMATImage mat.c:958:16
#7 0x7f87c3e45a68 in ReadImage constitute.c:497:13
#8 0x7f87c41def59 in ReadStream stream.c:1045:9
#9 0x7f87c3e4460f in PingImage constitute.c:226:9
#10 0x7f87c3e44db3 in PingImages constitute.c:327:10
#11 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#12 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#13 0x514a47 in MagickMain magick.c:149:10
#14 0x5144a1 in main magick.c:180:10
#15 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7f87c406b3a2 in AcquireAlignedMemory memory.c:262:7
#2 0x7f87c3dc7b2e in AcquirePixelCacheNexus cache.c:264:29
#3 0x7f87c3dc7684 in AcquirePixelCache cache.c:211:26
#4 0x7f87c41debec in ReadStream stream.c:1027:20
#5 0x7f87c3e4460f in PingImage constitute.c:226:9
#6 0x7f87c3e44db3 in PingImages constitute.c:327:10
#7 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#8 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7f87c41a91c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7f87c41a8a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7f87c3dc7943 in AcquirePixelCache cache.c:226:25
#4 0x7f87c41debec in ReadStream stream.c:1027:20
#5 0x7f87c3e4460f in PingImage constitute.c:226:9
#6 0x7f87c3e44db3 in PingImages constitute.c:327:10
#7 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#8 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7f87c41a91c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7f87c41a8a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7f87c41bf266 in NewSplayTree splay-tree.c:1119:25
#4 0x7f87c41beb14 in CloneSplayTree splay-tree.c:359:14
#5 0x7f87c409bff5 in CloneImageOptions option.c:1880:27
#6 0x7f87c40265c4 in CloneImageInfo image.c:1007:10
#7 0x7f87c445227a in ReadMATImage mat.c:958:16
#8 0x7f87c3e45a68 in ReadImage constitute.c:497:13
#9 0x7f87c41def59 in ReadStream stream.c:1045:9
#10 0x7f87c3e4460f in PingImage constitute.c:226:9
#11 0x7f87c3e44db3 in PingImages constitute.c:327:10
#12 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#13 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7f87c41a91c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7f87c41a8a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7f87c3dc79d2 in AcquirePixelCache cache.c:228:30
#4 0x7f87c41debec in ReadStream stream.c:1027:20
#5 0x7f87c3e4460f in PingImage constitute.c:226:9
#6 0x7f87c3e44db3 in PingImages constitute.c:327:10
#7 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#8 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7f87c406b566 in AcquireMagickMemory memory.c:464:10
#2 0x7f87c41bde70 in AddValueToSplayTree splay-tree.c:188:21
#3 0x7f87c41bed1c in CloneSplayTree splay-tree.c:371:12
#4 0x7f87c409bff5 in CloneImageOptions option.c:1880:27
#5 0x7f87c40265c4 in CloneImageInfo image.c:1007:10
#6 0x7f87c445227a in ReadMATImage mat.c:958:16
#7 0x7f87c3e45a68 in ReadImage constitute.c:497:13
#8 0x7f87c41def59 in ReadStream stream.c:1045:9
#9 0x7f87c3e4460f in PingImage constitute.c:226:9
#10 0x7f87c3e44db3 in PingImages constitute.c:327:10
#11 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#12 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#13 0x514a47 in MagickMain magick.c:149:10
#14 0x5144a1 in main magick.c:180:10
#15 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 19 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7f87c406b566 in AcquireMagickMemory memory.c:464:10
#2 0x7f87c406b5c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7f87c41f4653 in ConstantString string.c:701:26
#4 0x7f87c41bed06 in CloneSplayTree splay-tree.c:372:7
#5 0x7f87c409bff5 in CloneImageOptions option.c:1880:27
#6 0x7f87c40265c4 in CloneImageInfo image.c:1007:10
#7 0x7f87c445227a in ReadMATImage mat.c:958:16
#8 0x7f87c3e45a68 in ReadImage constitute.c:497:13
#9 0x7f87c41def59 in ReadStream stream.c:1045:9
#10 0x7f87c3e4460f in PingImage constitute.c:226:9
#11 0x7f87c3e44db3 in PingImages constitute.c:327:10
#12 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#13 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 9 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7f87c406b566 in AcquireMagickMemory memory.c:464:10
#2 0x7f87c406b5c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7f87c41f4653 in ConstantString string.c:701:26
#4 0x7f87c41bec81 in CloneSplayTree splay-tree.c:371:43
#5 0x7f87c409bff5 in CloneImageOptions option.c:1880:27
#6 0x7f87c40265c4 in CloneImageInfo image.c:1007:10
#7 0x7f87c445227a in ReadMATImage mat.c:958:16
#8 0x7f87c3e45a68 in ReadImage constitute.c:497:13
#9 0x7f87c41def59 in ReadStream stream.c:1045:9
#10 0x7f87c3e4460f in PingImage constitute.c:226:9
#11 0x7f87c3e44db3 in PingImages constitute.c:327:10
#12 0x7f87c357f596 in IdentifyImageCommand identify.c:319:18
#13 0x7f87c363d2af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7f87bd586f44 in __libc_start_main (libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 22612 byte(s) leaked in 11 allocation(s).
Version: ImageMagick 7.0.6-6 Q16 x86_64
A memory leak vulnerability was found in function ReadMATImage ,which allow attackers to cause a denial of service via a crafted file.
testcase: https://github.com/jgj212/poc/blob/master/leak-ReadMATImage3
Credit:ADLab of Venustech
The text was updated successfully, but these errors were encountered: