memory leak in WritePCXImage

[bestshow]

Version: ImageMagick 7.0.6-6 Q16 x86_64

A memory leak vulnerability was found in function WritePCXImage in coders/pcx.c,which allow attackers to cause a denial of service via a crafted file.

#./convert $FILE out.DCX
=================================================================
==42025==ERROR: detected memory leaks

Direct leak of 8192 byte(s) in 1 object(s) allocated from:
    #0 0x4ec5a6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x9b9a68 in WritePCXImage /home/test/Downloads/IM-afl/ImageMagick-master/coders/pcx.c:914:39
    #2 0xe0232c in WriteImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:1114:14
    #3 0xe035c7 in WriteImages /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:1333:13
    #4 0x156881c in ConvertImageCommand /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/convert.c:3280:11
    #5 0x174f66c in MagickCommandGenesis /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/mogrify.c:183:14
    #6 0x5229f3 in MagickMain /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:149:10
    #7 0x5229f3 in main /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:180
    #8 0x7fba4f5b4b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

8192 byte(s) leaked in 1 allocation(s).

testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_WritePCXImage
Credit:ADLab of Venustech

[mikayla-grace]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.

[fgeek]

Please use CVE-2017-13058 for this issue.