A null-pointer dereference issue is present in the QueueAuthenticPixelCacheNexus function within the ImageMagick/MagickCore/cache.c file. The vulnerable code is as follows:
```c
for (i=0; i < (ssize_t)image->rows; i++)
{
  /* q may be NULL if QueueAuthenticPixels() fails */
  q=QueueAuthenticPixels(image,0,i,image->columns,1,exception);
  for (j=0; j < (ssize_t)image->columns; j++)
  {
    /* q is passed on without a NULL check */
    if (GetPixelRed(image,q) == ScaleCharToQuantum(1))
    {
      <some code>
    }
  }
}
```
Here, the variable q is getting the output of the function QueueAuthenticPixels. This function, in turn, calls:
The QueueAuthenticPixelCacheNexus function performs a series of asserts and explicitly returns NULL:
Once this NULL is returned back to the original function via `return(pixels);`, q gets the NULL value. It gets used in a function call:
`GetPixelRed(image,q)`
It is finally de-referenced in GetPixelRed in the following line:
Modifying the code to:
Would avoid this vulnerability.
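
As an added illustration (not part of the original report and not ImageMagick code), the C sketch below models the reported loop with the row accessor's return value checked before any pixel is read. `Image`, `Quantum`, `queue_row`, `count_marked` and `run_case` are hypothetical stand-ins defined here, and the pixel data is constructed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for illustration; these are not the MagickCore types. */
typedef unsigned short Quantum;
typedef struct { size_t columns, rows, cached_rows; Quantum *cache; } Image;

/* Row accessor that, like the one in the report, may return NULL. */
static Quantum *queue_row(Image *image, size_t y)
{
  if (image->cache == NULL || y >= image->cached_rows)
    return NULL;
  return image->cache + y * image->columns;
}

/* Same loop shape as the reported code, with the result checked before any
   per-pixel access. Returns 1 on success, 0 if a row could not be obtained. */
static int count_marked(Image *image, Quantum marker, size_t *count)
{
  size_t i, j;
  *count = 0;
  for (i = 0; i < image->rows; i++) {
    Quantum *q = queue_row(image, i);
    if (q == NULL)
      return 0;               /* fail closed instead of dereferencing */
    for (j = 0; j < image->columns; j++)
      if (q[j] == marker)
        (*count)++;
  }
  return 1;
}

/* Constructed input: 4-column image, first pixel of each cached row set to 1. */
static int run_case(size_t rows, size_t cached_rows, size_t *count)
{
  Quantum pixels[8 * 4] = { 0 };
  Image image = { 4, rows, cached_rows > 8 ? 8 : cached_rows, pixels };
  size_t y;
  for (y = 0; y < image.cached_rows; y++)
    pixels[y * 4] = 1;
  return count_marked(&image, 1, count);
}

int main(void)
{
  size_t n = 0;
  int ok = run_case(3, 2, &n);   /* third row is unavailable */
  printf("ok=%d marked=%zu\n", ok, n);
  return 0;
}
```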