poc1

version:
ImageMagick 7.0.7-1 Q16 x86_64
gcc 7.1

crash link: https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1505120100

trigger command:

```
./magick convert im_poc_1505120100 output.mpc
./magick convert output.mpc output.uil
```

detail:

```
root@work:/home/work/fuzzing/ImageMagick/utilities# ./magick im_poc_1505120100 out.mpc
root@work:/home/work/fuzzing/ImageMagick/utilities# ./magick out.mpc out.aai
ASAN:SIGSEGV
=================================================================
==49786==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9150edb72b bp 0x7ffd830679e0 sp 0x7ffd83067980 T0)
    #0 0x7f9150edb72a in GetVirtualPixels MagickCore/cache.c:3185
    #1 0x7f9151203e88 in WriteAAIImage coders/aai.c:386
    #2 0x7f9150f44782 in WriteImage MagickCore/constitute.c:1114
    #3 0x7f9150f453fe in WriteImages MagickCore/constitute.c:1333
    #4 0x7f9150a4097a in CLINoImageOperator MagickWand/operation.c:4795
    #5 0x7f9150a431d8 in CLIOption MagickWand/operation.c:5255
    #6 0x7f91508e0d5f in ProcessCommandOptions MagickWand/magick-cli.c:529
    #7 0x7f91508e1f27 in MagickImageCommand MagickWand/magick-cli.c:794
    #8 0x7f915091a246 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x4017e1 in MagickMain utilities/magick.c:149
    #10 0x4019c2 in main utilities/magick.c:180
    #11 0x7f915014682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x4012f8 in _start (/home/work/fuzzing/ImageMagick/utilities/.libs/lt-magick+0x4012f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV MagickCore/cache.c:3185 GetVirtualPixels
==49786==ABORTING
```

Credit: Baidu Security Lab
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.
https://github.com/ImageMagick/ImageMagick/issues/746
04b863f
2c2206b
https://github.com/ImageMagick/ImageMagick/issues/741
44a5558
#746
76f94fa
#741
This was assigned CVE-2017-14400.