version: Version: ImageMagick 7.0.7-4 Q16 x86_64 gcc 7.1
crash link : https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1505984356.vips
trigger command : ./magick convert im_poc_1505984356.vips /dev/null
detail :
```
root@work:/home/work/fuzzing/ImageMagick/utilities# ./magick convert im_poc_1505984356.vips /dev/null
=================================================================
==86680==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1834159 byte(s) in 1 object(s) allocated from:
    #0 0x7f676d3ead10 in __interceptor_realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded10)
    #1 0x7f676c7c7feb in ResizeMagickMemory MagickCore/memory.c:1225
    #2 0x7f676c7c806f in ResizeQuantumMemory MagickCore/memory.c:1289
    #3 0x7f676c8fe6bf in ConcatenateString MagickCore/string.c:501
    #4 0x7f676cc048c6 in ReadVIPSImage coders/vips.c:511
    #5 0x7f676c5f36dd in ReadImage MagickCore/constitute.c:497
    #6 0x7f676c5f65c4 in ReadImages MagickCore/constitute.c:866
    #7 0x7f676bdae8be in ConvertImageCommand MagickWand/convert.c:641
    #8 0x7f676bf29722 in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x401a15 in MagickMain utilities/magick.c:149
    #10 0x401c8e in main utilities/magick.c:180
    #11 0x7f676b49182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 1834159 byte(s) leaked in 1 allocation(s).
```
Credit:jerryl3e of Baidu Security Lab
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.
https://github.com/ImageMagick/ImageMagick/issues/770
dd367e0
a25142f
This was assigned CVE-2017-14684.