You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A "division by zero" bug in MagickCore/cache.c allows remote attacker to cause a denial of service to imagemagick via "convert 2-im2pcd out.pcd"
ASAN:DEADLYSIGNAL
122813==ERROR: AddressSanitizer: FPE on unknown address 0x000000000189 (pc 0x0000009c8ae1 bp 0x0c4a00000a26 sp 0x7ffcdaf8f780 T0)
#0 0x9c8ae0 in GetPixelCacheTileSize /home/share/imagemagic/source-imagemagick/MagickCore/cache.c:2313:16
#1 0xd36aea in IntegralRotateImage /home/share/imagemagic/source-**imagemagick/MagickCore/shear.c:764:7
#2 0xac5ed2 in RotateImage /home/share/imagemagic/source-imagemagick/MagickCore/distort.c:2830:12
#3 0x7c5824 in WritePCDImage /home/share/imagemagic/source-imagemagick/coders/pcd.c:1102:20
#4 0xa290ff in WriteImage /home/share/imagemagic/source-imagemagick/MagickCore/constitute.c:1114:14
#5 0xa2a32d in WriteImages /home/share/imagemagic/source-imagemagick/MagickCore/constitute.c:1333:13
#6 0xeb5a6a in ConvertImageCommand /home/share/imagemagic/source-imagemagick/MagickWand/convert.c:3280:11
#7 0xfc75da in MagickCommandGenesis /home/share/imagemagic/source-imagemagick/MagickWand/mogrify.c:183:14
#8 0x519269 in MagickMain /home/share/imagemagic/source-imagemagick/utilities/magick.c:162:10
#9 0x519269 in main /home/share/imagemagic/source-imagemagick/utilities/magick.c:197
#10 0x7f122ad4182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#11 0x420f98 in _start (/home/share/imagemagic/test/magick+0x420f98)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/share/imagemagic/source-imagemagick/MagickCore/cache.c:2313:16 in GetPixelCacheTileSize
==122813==ABORTING
Note that this issue was found by lifuhao from Aliyun Security Team.
Thanks.
The text was updated successfully, but these errors were encountered:
0ahu
changed the title
"FPE on unknown address" error when converting to pdf
"FPE on unknown address" error when converting file to pdf
Aug 31, 2017
0ahu
changed the title
"FPE on unknown address" error when converting file to pdf
"FPE on unknown address" error when converting a file to pcd
Aug 31, 2017
0ahu
changed the title
"FPE on unknown address" error when converting a file to pcd
"FPE on unknown address" error while converting a file to pcd
Aug 31, 2017
A "division by zero" bug in MagickCore/cache.c allows remote attacker to cause a denial of service to imagemagick via "convert 2-im2pcd out.pcd"
And the poc:
https://github.com/lifuhao123/feijidepoc/blob/master/2-im2pcd
Note that this issue was found by lifuhao from Aliyun Security Team.
Thanks.
The text was updated successfully, but these errors were encountered: