endless loop in ReadCAPTIONImage #771

noirfate · 2017-09-21T09:07:05Z

Version: ImageMagick 7.0.7-3 x86-64

I add a crafted font in ~/.config/ImageMagick/type.xml

 format="ttf"
 name="test"
 fullname="test font"
 family="URW Gothic"
 glyphs="/root/test.ttf"

and then run

magick -background lightblue -fill blue -font test -size 480x360 caption:'hello world' 1.gif

magick will always occupy 100% CPU. After I took a look, it maybe enter a endless loop in ReadCAPTIONImage.

The text was updated successfully, but these errors were encountered:

mikayla-grace · 2017-09-21T10:25:56Z

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

nohmask · 2017-09-26T04:16:44Z

This was assigned CVE-2017-14741.

urban-warrior pushed a commit that referenced this issue Sep 21, 2017

https://github.com/ImageMagick/ImageMagick/issues/771

7d8e148

urban-warrior pushed a commit that referenced this issue Sep 21, 2017

https://github.com/ImageMagick/ImageMagick/issues/771

bb11d07

dlemstra added the bug label Sep 21, 2017

dlemstra closed this as completed Sep 21, 2017

l2dy mentioned this issue Oct 4, 2017

imagemagick: CVE-2017-14741 AOSC-Dev/aosc-os-abbs#743

Closed

Provide feedback