You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A Null-Pointer Dereference issues is present in the QueueAuthenticPixelCacheNexus function within the ImageMagick/MagickCore/cache.c file. The vulnerable code is as follows:
for (i=0; i < (ssize_t)image->rows; i++)
{
q=QueueAuthenticPixels(image,0,i,image->columns,1,exception);
for (j=0; j < (ssize_t)image->columns; j++)
{
if (GetPixelRed(image,q) == ScaleCharToQuantum(1))
{
<some code>
}
Here, the variable q is getting the output of the function QueueAuthenticPixels. This function, in turn calls:
A Null-Pointer Dereference issues is present in the QueueAuthenticPixelCacheNexus function within the ImageMagick/MagickCore/cache.c file. The vulnerable code is as follows:
Here, the variable q is getting the output of the function QueueAuthenticPixels. This function, in turn calls:
The QueueAuthenticPixelCacheNexus function performs a series of asserts are explicitly returns NULL:
Once this NULL is returned back to the original function via
return(pixels);
, q gets the NULL value.It gets used in a function call:
GetPixelRed(image,q)
It is finally de-referenced in GetPixelRed in the following line:
Modifying the code to:
Would avoid this vulnerability.
The text was updated successfully, but these errors were encountered: