memory leak in ResizeMagickMemory MagickCore/memory.c:1225

[jerryl3e]

version:
Version: ImageMagick 7.0.7-4 Q16 x86_64
gcc 7.1

crash link :
https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1505984356.vips

trigger command :
./magick convert im_poc_1505984356.vips /dev/null

detail :

root@work:/home/work/fuzzing/ImageMagick/utilities# ./magick  convert im_poc_1505984356.vips /dev/null

=================================================================
==86680==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1834159 byte(s) in 1 object(s) allocated from:
    #0 0x7f676d3ead10 in __interceptor_realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded10)
    #1 0x7f676c7c7feb in ResizeMagickMemory MagickCore/memory.c:1225
    #2 0x7f676c7c806f in ResizeQuantumMemory MagickCore/memory.c:1289
    #3 0x7f676c8fe6bf in ConcatenateString MagickCore/string.c:501
    #4 0x7f676cc048c6 in ReadVIPSImage coders/vips.c:511
    #5 0x7f676c5f36dd in ReadImage MagickCore/constitute.c:497
    #6 0x7f676c5f65c4 in ReadImages MagickCore/constitute.c:866
    #7 0x7f676bdae8be in ConvertImageCommand MagickWand/convert.c:641
    #8 0x7f676bf29722 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x401a15 in MagickMain utilities/magick.c:149
    #10 0x401c8e in main utilities/magick.c:180
    #11 0x7f676b49182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 1834159 byte(s) leaked in 1 allocation(s).

Credit:jerryl3e of Baidu Security Lab

[mikayla-grace]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

[nohmask]

This was assigned CVE-2017-14684.