You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A memory leak vulnerability was found in function NewLinkedList in MagickCore/linked-list.c ,which allow attackers to cause a denial of service via a crafted file.
#./identify $FILE
=================================================================
==52771==ERROR: detected memory leaks
Direct leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x4ec5a6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
#1 0x552ec8 in NewLinkedList /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/linked-list.c:717:32
#2 0xdf566c in ReadImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:497:13
#3 0x1329e15 in ReadStream /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/stream.c:1045:9
#4 0xdf3fc1 in PingImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:226:9
#5 0x1667f5d in IdentifyImageCommand /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/identify.c:319:18
#6 0x173f51c in MagickCommandGenesis /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/mogrify.c:183:14
#7 0x522b18 in MagickMain /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:149:10
#8 0x522b18 in main /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:180
#9 0x7f4e99093b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
Indirect leak of 4194 byte(s) in 1 object(s) allocated from:
#0 0x4ec5a6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
#1 0x6ac144 in AcquireString /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/string.c:136:24
#2 0xdf566c in ReadImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:497:13
#3 0x1329e15 in ReadStream /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/stream.c:1045:9
#4 0xdf3fc1 in PingImage /home/test/Downloads/IM-afl/ImageMagick-master/MagickCore/constitute.c:226:9
#5 0x1667f5d in IdentifyImageCommand /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/identify.c:319:18
#6 0x173f51c in MagickCommandGenesis /home/test/Downloads/IM-afl/ImageMagick-master/MagickWand/mogrify.c:183:14
#7 0x522b18 in MagickMain /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:149:10
#8 0x522b18 in main /home/test/Downloads/IM-afl/ImageMagick-master/utilities/magick.c:180
#9 0x7f4e99093b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
......
4330 byte(s) leaked in 4 allocation(s).
Version: ImageMagick 7.0.6-8 Q16 x86_64
A memory leak vulnerability was found in function NewLinkedList in MagickCore/linked-list.c ,which allow attackers to cause a denial of service via a crafted file.
testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_NewLinkedList
Credit:ADLab of Venustech
The text was updated successfully, but these errors were encountered: