A memory leak vulnerability was found in the function ReadXCFImage, which allows attackers to cause a denial of service via a crafted file.
#./identify $FILE
==10362==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 545177268 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3facb035b in load_tile xcf.c:362:28
#4 0x7ff3facafcfe in load_level xcf.c:671:15
#5 0x7ff3facaf89a in load_hierarchy xcf.c:758:7
#6 0x7ff3facaf202 in ReadOneLayer xcf.c:938:7
#7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#10 0x7ff3fa4b060f in PingImage constitute.c:226:9
#11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Direct leak of 13488 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa689aef in CloneImage image.c:829:25
#3 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#4 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#5 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#6 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#7 0x7ff3fa4b060f in PingImage constitute.c:226:9
#8 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#9 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#10 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#11 0x514a47 in MagickMain magick.c:149:10
#12 0x5144a1 in main magick.c:180:10
#13 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 13024 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa687ba3 in AcquireImageInfo image.c:347:28
#3 0x7ff3fa690d13 in CloneImageInfo image.c:952:14
#4 0x7ff3fa68a38c in CloneImage image.c:845:27
#5 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#6 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#7 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#8 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#9 0x7ff3fa4b060f in PingImage constitute.c:226:9
#10 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#11 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#12 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#13 0x514a47 in MagickMain magick.c:149:10
#14 0x5144a1 in main magick.c:180:10
#15 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa433164 in AcquirePixelCache cache.c:195:28
#4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
#5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
#6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
#7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
#8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
#9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
#10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#13 0x7ff3fa4b060f in PingImage constitute.c:226:9
#14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#17 0x514a47 in MagickMain magick.c:149:10
#18 0x5144a1 in main magick.c:180:10
#19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 9096 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa433164 in AcquirePixelCache cache.c:195:28
#4 0x7ff3fa84abec in ReadStream stream.c:1027:20
#5 0x7ff3fa4b060f in PingImage constitute.c:226:9
#6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 512 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa71704a in AcquirePixelChannelMap pixel.c:101:35
#4 0x7ff3fa717224 in ClonePixelChannelMap pixel.c:139:13
#5 0x7ff3fa68a766 in CloneImage image.c:856:28
#6 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#10 0x7ff3fa4b060f in PingImage constitute.c:226:9
#11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 280 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa4118cd in CloneBlobInfo blob.c:504:27
#3 0x7ff3fa68ac1f in CloneImage image.c:874:25
#4 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#5 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#6 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#7 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#8 0x7ff3fa4b060f in PingImage constitute.c:226:9
#9 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#10 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#11 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#12 0x514a47 in MagickMain magick.c:149:10
#13 0x5144a1 in main magick.c:180:10
#14 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa433c24 in AcquirePixelCacheNexus cache.c:268:31
#4 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
#5 0x7ff3fa84abec in ReadStream stream.c:1027:20
#6 0x7ff3fa4b060f in PingImage constitute.c:226:9
#7 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#8 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#9 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#10 0x514a47 in MagickMain magick.c:149:10
#11 0x5144a1 in main magick.c:180:10
#12 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa82aee5 in NewSplayTree splay-tree.c:1106:32
#3 0x7ff3fa7633aa in SetImageProperty property.c:4022:23
#4 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
#5 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
#6 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#7 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#8 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#9 0x7ff3fa4b060f in PingImage constitute.c:226:9
#10 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#11 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#12 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#13 0x514a47 in MagickMain magick.c:149:10
#14 0x5144a1 in main magick.c:180:10
#15 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa433c24 in AcquirePixelCacheNexus cache.c:268:31
#4 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
#5 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
#6 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
#7 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
#8 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
#9 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
#10 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
#11 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#12 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#13 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#14 0x7ff3fa4b060f in PingImage constitute.c:226:9
#15 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#16 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#17 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#18 0x514a47 in MagickMain magick.c:149:10
#19 0x5144a1 in main magick.c:180:10
#20 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa82aee5 in NewSplayTree splay-tree.c:1106:32
#3 0x7ff3fa82ab14 in CloneSplayTree splay-tree.c:359:14
#4 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
#5 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
#6 0x7ff3fa68a38c in CloneImage image.c:845:27
#7 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#8 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#9 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#10 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#11 0x7ff3fa4b060f in PingImage constitute.c:226:9
#12 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#13 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#14 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#15 0x514a47 in MagickMain magick.c:149:10
#16 0x5144a1 in main magick.c:180:10
#17 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa82b266 in NewSplayTree splay-tree.c:1119:25
#4 0x7ff3fa82ab14 in CloneSplayTree splay-tree.c:359:14
#5 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
#6 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
#7 0x7ff3fa68a38c in CloneImage image.c:845:27
#8 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#9 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#10 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#11 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#12 0x7ff3fa4b060f in PingImage constitute.c:226:9
#13 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#14 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#15 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#16 0x514a47 in MagickMain magick.c:149:10
#17 0x5144a1 in main magick.c:180:10
#18 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa4339d2 in AcquirePixelCache cache.c:228:30
#4 0x7ff3fa84abec in ReadStream stream.c:1027:20
#5 0x7ff3fa4b060f in PingImage constitute.c:226:9
#6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa4126c7 in GetBlobInfo blob.c:1414:24
#4 0x7ff3fa4119bc in CloneBlobInfo blob.c:507:3
#5 0x7ff3fa68ac1f in CloneImage image.c:874:25
#6 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#10 0x7ff3fa4b060f in PingImage constitute.c:226:9
#11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa433943 in AcquirePixelCache cache.c:226:25
#4 0x7ff3fa84abec in ReadStream stream.c:1027:20
#5 0x7ff3fa4b060f in PingImage constitute.c:226:9
#6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa6d73a2 in AcquireAlignedMemory memory.c:262:7
#2 0x7ff3fa433b2e in AcquirePixelCacheNexus cache.c:264:29
#3 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
#4 0x7ff3fa84abec in ReadStream stream.c:1027:20
#5 0x7ff3fa4b060f in PingImage constitute.c:226:9
#6 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#7 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#8 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#9 0x514a47 in MagickMain magick.c:149:10
#10 0x5144a1 in main magick.c:180:10
#11 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa82b266 in NewSplayTree splay-tree.c:1119:25
#4 0x7ff3fa7633aa in SetImageProperty property.c:4022:23
#5 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
#6 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
#7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#10 0x7ff3fa4b060f in PingImage constitute.c:226:9
#11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa4339d2 in AcquirePixelCache cache.c:228:30
#4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
#5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
#6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
#7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
#8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
#9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
#10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#13 0x7ff3fa4b060f in PingImage constitute.c:226:9
#14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#17 0x514a47 in MagickMain magick.c:149:10
#18 0x5144a1 in main magick.c:180:10
#19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa433943 in AcquirePixelCache cache.c:226:25
#4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
#5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
#6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
#7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
#8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
#9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
#10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#13 0x7ff3fa4b060f in PingImage constitute.c:226:9
#14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#17 0x514a47 in MagickMain magick.c:149:10
#18 0x5144a1 in main magick.c:180:10
#19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa6d73a2 in AcquireAlignedMemory memory.c:262:7
#2 0x7ff3fa433b2e in AcquirePixelCacheNexus cache.c:264:29
#3 0x7ff3fa433684 in AcquirePixelCache cache.c:211:26
#4 0x7ff3fa4344e5 in ClonePixelCache cache.c:418:28
#5 0x7ff3fa44dd8e in GetImagePixelCache cache.c:1652:29
#6 0x7ff3fa453029 in SyncImagePixelCache cache.c:5269:28
#7 0x7ff3fa68bc76 in SetImageStorageClass image.c:2513:10
#8 0x7ff3fa68c71d in SetImageBackgroundColor image.c:2322:7
#9 0x7ff3facaef7e in ReadOneLayer xcf.c:917:10
#10 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#11 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#12 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#13 0x7ff3fa4b060f in PingImage constitute.c:226:9
#14 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#15 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#16 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#17 0x514a47 in MagickMain magick.c:149:10
#18 0x5144a1 in main magick.c:180:10
#19 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4dfa25 in posix_memalign asan_malloc_linux.cc:142
#1 0x7ff3fa8151c8 in AcquireSemaphoreMemory semaphore.c:154:7
#2 0x7ff3fa814a3c in AcquireSemaphoreInfo semaphore.c:200:36
#3 0x7ff3fa68adb6 in CloneImage image.c:878:26
#4 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#5 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#6 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#7 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#8 0x7ff3fa4b060f in PingImage constitute.c:226:9
#9 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#10 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#11 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#12 0x514a47 in MagickMain magick.c:149:10
#13 0x5144a1 in main magick.c:180:10
#14 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa829e70 in AddValueToSplayTree splay-tree.c:188:21
#3 0x7ff3fa764e53 in SetImageProperty property.c:4462:10
#4 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
#5 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
#6 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#7 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#8 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#9 0x7ff3fa4b060f in PingImage constitute.c:226:9
#10 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#11 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#12 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#13 0x514a47 in MagickMain magick.c:149:10
#14 0x5144a1 in main magick.c:180:10
#15 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa829e70 in AddValueToSplayTree splay-tree.c:188:21
#3 0x7ff3fa82ad1c in CloneSplayTree splay-tree.c:371:12
#4 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
#5 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
#6 0x7ff3fa68a38c in CloneImage image.c:845:27
#7 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#8 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#9 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#10 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#11 0x7ff3fa4b060f in PingImage constitute.c:226:9
#12 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#13 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#14 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#15 0x514a47 in MagickMain magick.c:149:10
#16 0x5144a1 in main magick.c:180:10
#17 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 15 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa860653 in ConstantString string.c:701:26
#4 0x7ff3fa82ad06 in CloneSplayTree splay-tree.c:372:7
#5 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
#6 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
#7 0x7ff3fa68a38c in CloneImage image.c:845:27
#8 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#9 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#10 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#11 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#12 0x7ff3fa4b060f in PingImage constitute.c:226:9
#13 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#14 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#15 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#16 0x514a47 in MagickMain magick.c:149:10
#17 0x5144a1 in main magick.c:180:10
#18 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 9 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa860653 in ConstantString string.c:701:26
#4 0x7ff3fa82ac81 in CloneSplayTree splay-tree.c:371:43
#5 0x7ff3fa707ff5 in CloneImageOptions option.c:1880:27
#6 0x7ff3fa6925c4 in CloneImageInfo image.c:1007:10
#7 0x7ff3fa68a38c in CloneImage image.c:845:27
#8 0x7ff3facaedcc in ReadOneLayer xcf.c:910:19
#9 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#10 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#11 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#12 0x7ff3fa4b060f in PingImage constitute.c:226:9
#13 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#14 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#15 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#16 0x514a47 in MagickMain magick.c:149:10
#17 0x5144a1 in main magick.c:180:10
#18 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa860653 in ConstantString string.c:701:26
#4 0x7ff3fa764e33 in SetImageProperty property.c:4463:5
#5 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
#6 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
#7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#10 0x7ff3fa4b060f in PingImage constitute.c:226:9
#11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
Indirect leak of 1 byte(s) in 1 object(s) allocated from:
#0 0x4deec6 in __interceptor_malloc asan_malloc_linux.cc:66
#1 0x7ff3fa6d7566 in AcquireMagickMemory memory.c:464:10
#2 0x7ff3fa6d75c8 in AcquireQuantumMemory memory.c:537:10
#3 0x7ff3fa860653 in ConstantString string.c:701:26
#4 0x7ff3fa764e43 in SetImageProperty property.c:4463:30
#5 0x7ff3facaf5c4 in InitXCFImage xcf.c:773:10
#6 0x7ff3facaef94 in ReadOneLayer xcf.c:919:3
#7 0x7ff3facad5fe in ReadXCFImage xcf.c:1331:16
#8 0x7ff3fa4b1a68 in ReadImage constitute.c:497:13
#9 0x7ff3fa84af59 in ReadStream stream.c:1045:9
#10 0x7ff3fa4b060f in PingImage constitute.c:226:9
#11 0x7ff3fa4b0db3 in PingImages constitute.c:327:10
#12 0x7ff3f9beb596 in IdentifyImageCommand identify.c:319:18
#13 0x7ff3f9ca92af in MagickCommandGenesis mogrify.c:183:14
#14 0x514a47 in MagickMain magick.c:149:10
#15 0x5144a1 in main magick.c:180:10
#16 0x7ff3f3bf2f44 in __libc_start_main (libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 545223851 byte(s) leaked in 27 allocation(s).
Version: ImageMagick 7.0.6-6 Q16 x86_64
POC: https://github.com/jgj212/poc/blob/master/leak-ReadXCFImage
Credit: ADLab of Venustech