Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leak in WriteMETAImage #669

Closed
bestshow opened this issue Aug 11, 2017 · 1 comment
Closed

memory leak in WriteMETAImage #669

bestshow opened this issue Aug 11, 2017 · 1 comment
Labels

Comments

@bestshow
Copy link

Version: ImageMagick 7.0.6-6 Q16 x86_64

A memory leak vulnerability was found in function WriteMETAImage in coders/meta.c,which allow attackers to cause a denial of service via a crafted file.

#./convert $FILE out.IPTCTEXT
=================================================================
==27191==ERROR: detected memory leaks

Direct leak of 35193 byte(s) in 1 object(s) allocated from:
    #0 0x4ec5a6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x8f4b97 in formatIPTC /home/test/Downloads/IM-afl/ImageMagick-master/coders/meta.c:1920:27
    #2 0x8f4b97 in WriteMETAImage /home/test/Downloads/IM-afl/ImageMagick-master/coders/meta.c:2348
    #3 0xe0232c in WriteImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:1114:14
    #4 0xe035c7 in WriteImages /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:1333:13
    #5 0x156881c in ConvertImageCommand /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/convert.c:3280:11
    #6 0x174f66c in MagickCommandGenesis /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/mogrify.c:183:14
    #7 0x5229f3 in MagickMain /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:149:10
    #8 0x5229f3 in main /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:180
    #9 0x7fe6c3302b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

35193 byte(s) leaked in 1 allocation(s).

testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_WriteMETAImage_formatIPTC
Credit:ADLab of Venustech

dlemstra added a commit that referenced this issue Aug 11, 2017
dlemstra added a commit that referenced this issue Aug 11, 2017
@dlemstra dlemstra added the bug label Aug 11, 2017
@fgeek
Copy link

fgeek commented Aug 22, 2017

Please use CVE-2017-13062 for this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

3 participants