New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

assertion failure in WriteBlobStream #674

bestshow opened this Issue Aug 14, 2017 · 3 comments


None yet
4 participants

bestshow commented Aug 14, 2017

Version: ImageMagick 7.0.6-8 Q16 x86_64

An assertion failure was found in function WriteBlobStream in MagickCore/blob.c,which allow attackers to cause a denial of service via a crafted file.

#./convert $FILE out.PDF
convert: MagickCore/blob.c:1235: ssize_t WriteBlobStream(Image *, const size_t, const void *): Assertion `image->blob->type != UndefinedStream' failed.

Credit:ADLab of Venustech

urban-warrior pushed a commit that referenced this issue Aug 14, 2017


This comment has been minimized.

Show comment
Hide comment

urban-warrior Aug 14, 2017


Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ later today. The patch will be available in the beta releases of ImageMagick @ by sometime tomorrow.


urban-warrior commented Aug 14, 2017

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ later today. The patch will be available in the beta releases of ImageMagick @ by sometime tomorrow.

@dlemstra dlemstra added the bug label Aug 18, 2017

@dlemstra dlemstra closed this Aug 18, 2017


This comment has been minimized.

Show comment
Hide comment

dlemstra Aug 18, 2017


IM7 issue only.


dlemstra commented Aug 18, 2017

IM7 issue only.


This comment has been minimized.

Show comment
Hide comment

fgeek Aug 23, 2017

Please use CVE-2017-13132 for this issue.

fgeek commented Aug 23, 2017

Please use CVE-2017-13132 for this issue.

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Sep 13, 2017

ImageMagick: update to
2017-09-11  7.0.7-2 Glenn Randers-Pehrson <glennrp@image...>
  * Use signed integer arithmetic to caluculate timezone corrections (reference

2017-09-09  7.0.7-1 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.7-1, GIT revision 21065:ab2194121:20170909.

2017-09-09  7.0.7-1 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference

2017-09-05 7.0.7-1 Dirk Lemstra <>
  * Added -define tiff:write-layers=true to add support for writing layered
    tiff files.

2017-09-03  7.0.7-0 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.7-0, GIT revision 20996:2f8ac2203:20170903.

2017-08-28  7.0.7-0 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
  * Don't overwrite symbolic links when the shred policy is enabled.

2017-08-27  7.0.6-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-10, GIT revision 20920:9940c367a:20170827.

2017-08-27  7.0.6-10 Cristy  <quetzlzacatenango@image...>
  * Support -metric ssim, structual similarity index.

2017-08-26  7.0.6-10 Dirk Lemstra <>
  * Fixed thread safety issue inside the pango and librsvg decoder
    (reference: dlemstra/Magick.NET#91).

2017-08-20  7.0.6-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-9, GIT revision 20860:3f307d8ad:20170820.

2017-08-18  7.0.6-9 Glenn Randers-Pehrson <glennrp@image...>
  * Fixed bug with writing tIME chunk when timezone has a negative offset
    (reference: ImageMagick/ImageMagick#685)

2017-08-18  7.0.6-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-8, GIT revision 20838:e2eb79427:20170818.

2017-08-14  7.0.6-7 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
  * Support CubicSpline resize filter.  Define the lobes with the
    -define filter:lobes={2,3,4} (reference
  * Prevent assertion failure when creating PDF thumbnail (reference

2017-08-12  7.0.6-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-7, GIT revision 20799:0db4d8a16:20170812.

2017-08-12  7.0.6-7 Cristy  <quetzlzacatenango@image...>
  * Improve EPS aliasing (reference

2017-08-11  7.0.6-7 Dirk Lemstra <>
  * Added a new option called 'dds:fast-mipmaps' (reference
  * The mipmaps of a dds image can now be created from a list of images with
    -define dds:mipmaps=fromlist (reference

2017-08-10  7.0.6-6 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-6, GIT revision 20775:061d0fa25:20170810.

2017-08-10  7.0.6-6 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference

2017-08-10  7.0.6-6 Glenn Randers-Pehrson <glennrp@image...>
  * tests/validate.c: Show the reason for failures in the test logs,
    if available.

2017-08-03  7.0.6-6 Glenn Randers-Pehrson <glennrp@image...>
  * Put UTC time in the PNG tIME chunk instead of local time (reference

2017-08-02  7.0.6-5 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-5, GIT revision 20715:26b28d50a:20170802.

2017-08-01  7.0.6-5 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference

2017-07-29  7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Properly set image->colorspace in the PNG decoder (previously
    it was setting image->gamma, but only setting image->colorspace
    for grayscale and gray-alpha images.  Reference
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
  * Added "-define png:ignore-crc" option to PNG decoder. When you know
    your image has no CRC or ADLER32 errors, this can speed up decoding.
    It is also helpful in debugging bug reports from "fuzzers".

2017-07-29  7.0.6-5 Cristy  <quetzlzacatenango@image...>
  * Off by one error for gradient coder (reference,

2017-07-28  7.0.6-4 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-4, GIT revision 20657:4e81160d6:20170728.

2017-07-24  7.0.6-4 Cristy  <quetzlzacatenango@image...>
  * YUV coder no longer renders streaks (reference
  * Fixed numerous memory leaks (reference including
    ImageMagick/ImageMagick#618 (CVE-2017-12676).
  * coders/png.c: Initialized quantum_scanline and quantum_info
    to prevent a bad free (reference

2017-07-25  7.0.6-4 Glenn Randers-Pehrson <glennrp@image...>
  * Removed write_chunk_from_profile() from coders/png.c because it has
    not worked at least since version 6.7.6.
  * Removed many redundant checks before RelinquishMagickMemory(), which
    is safe to call with a NULL argument.
  * Added experimental PNG orNT chunk, to store image->orientation.
  * Removed vpAg chunk write support (we are now writing caNv instead).

2017-07-24  7.0.6-3 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-3, GIT revision 20598:cc9c43b44:20170724.

2017-07-23  7.0.6-3 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    ImageMagick/ImageMagick#600 (CVE-2017-13141),
    ImageMagick/ImageMagick#602 (CVE-2017-12565).

2017-07-21  7.0.6-2 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-2, GIT revision 20549:62fcf3d96:20170721.

2017-07-19  7.0.6-2 Cristy  <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
  * The -monochrome option no longer returns a blank canvas (reference
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference

2017-07-15  7.0.6-2 Glenn Randers-Pehrson <glennrp@image...>
  * Added caNv, eXIf, and pHYs to the list of PNG chunks to be removed
    by the "-strip" option.

2017-07-15  7.0.6-1 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-1, GIT revision 20447:c2a315e10:20170715.

2017-07-13  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Implemented PNG eXIf chunk support.

2017-07-08  7.0.6-1 Cristy  <quetzlzacatenango@image...>
  * Support new -auto-threshold option.  OTSU and Triangle methods are
    currently supported.  Look for the Kapur method in the next release.
  * Fixed numerous memory leaks (reference
  * Don't use variable float_t / double_t, bump SO (reference
  * Support DNG images with libraw delegate library.

2017-07-02  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Reject PNG file that is too small (under 60 bytes) to contain
    a valid image.
  * Reject JPEG file that is too small (under 107 bytes) to contain
    a valid image.
  * Reject JNG file that is too small (under 147 bytes) to contain
    a valid image.

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    CVE 2017-11310).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment