A heap buffer overflow vulnerability was found in function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service or remote code execution via a crafted file.
```
./magick convert 4-im2pcx out.pcx
```

```
AddressSanitizer: heap-buffer-overflow on address 0x631000010f40 at pc 0x0000007dbd4c bp 0x7fffa9b7d8d0 sp 0x7fffa9b7d8c8
WRITE of size 1 at 0x631000010f40 thread T0
    #0 0x7dbd4b in WritePCXImage /home/share/imagemagic/source-imagemagick/coders/pcx.c:1094:19
    #1 0xa290ff in WriteImage /home/share/imagemagic/source-imagemagick/MagickCore/constitute.c:1114:14
    #2 0xa2a32d in WriteImages /home/share/imagemagic/source-imagemagick/MagickCore/constitute.c:1333:13
    #3 0xeb5a6a in ConvertImageCommand /home/share/imagemagic/source-imagemagick/MagickWand/convert.c:3280:11
    #4 0xfc75da in MagickCommandGenesis /home/share/imagemagic/source-imagemagick/MagickWand/mogrify.c:183:14
    #5 0x519269 in MagickMain /home/share/imagemagic/source-imagemagick/utilities/magick.c:162:10
    #6 0x519269 in main /home/share/imagemagic/source-imagemagick/utilities/magick.c:197
    #7 0x7fa32695882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x420f98 in _start (/home/share/pocs/magick+0x420f98)

0x631000010f40 is located 0 bytes to the right of 65344-byte region [0x631000001000,0x631000010f40)
allocated by thread T0 here:
    #0 0x4e2c60 in __interceptor_posix_memalign /home/share/libfuzzer/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:156
    #1 0x55c01a in AcquireAlignedMemory /home/share/imagemagic/source-imagemagick/MagickCore/memory.c:262:7
    #2 0x55c01a in AcquireVirtualMemory /home/share/imagemagic/source-imagemagick/MagickCore/memory.c:635
    #3 0x7d9411 in WritePCXImage /home/share/imagemagic/source-imagemagick/coders/pcx.c:1008:16
    #4 0xa290ff in WriteImage /home/share/imagemagic/source-imagemagick/MagickCore/constitute.c:1114:14
    #5 0xa2a32d in WriteImages /home/share/imagemagic/source-imagemagick/MagickCore/constitute.c:1333:13
    #6 0xeb5a6a in ConvertImageCommand /home/share/imagemagic/source-imagemagick/MagickWand/convert.c:3280:11
    #7 0xfc75da in MagickCommandGenesis /home/share/imagemagic/source-imagemagick/MagickWand/mogrify.c:183:14
    #8 0x519269 in MagickMain /home/share/imagemagic/source-imagemagick/utilities/magick.c:162:10
    #9 0x519269 in main /home/share/imagemagic/source-imagemagick/utilities/magick.c:197
    #10 0x7fa32695882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/share/imagemagic/source-imagemagick/coders/pcx.c:1094:19 in WritePCXImage
```
Version: ImageMagick 7.0.6-8 Q16 x86_64
testcase: https://github.com/lifuhao123/feijidepoc/blob/master/4-im2pcx
Note that this issue was found by lifuhao from Aliyun Security Team.
Thanks