Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi all,
ImageMagick-7.0.6-5, still exist in latest development branch
AcquireRandomInfoThreadSet might return NULL if AcquireMagickMemory fails, then it will cause Null Pointer Deference and Denial of Service.
AcquireMagickMemory
MagickExport Image *SketchImage(const Image *image,const double radius, const double sigma,const double angle,ExceptionInfo *exception) { ....................... status=MagickTrue; random_info=AcquireRandomInfoThreadSet(); // Might return NULL if allocating memory failed random_view=AcquireAuthenticCacheView(random_image,exception); #if defined(MAGICKCORE_OPENMP_SUPPORT) key=GetRandomSecretKey(random_info[0]); // one of the Dereference of variable `random_info` #pragma omp parallel for schedule(static,4) shared(status) \ magick_threads(random_image,random_image,random_image->rows,key == ~0UL) #endif for (y=0; y < (ssize_t) random_image->rows; y++)
Similar suspicious code pieces might also share the same issue:
ImageMagick/MagickCore/effect.c
Line 3800 in 590d5f3
ImageMagick/MagickCore/threshold.c
Line 2075 in 3c296d6
ImageMagick/MagickCore/statistic.c
Line 506 in 4e46ad9
Regards, Alex, SourceBrella Inc.
The text was updated successfully, but these errors were encountered:
https://github.com/ImageMagick/ImageMagick/issues/775
441fde3
839a14e
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.
Sorry, something went wrong.
This issue was assigned CVE-2017-1000445
No branches or pull requests
Hi all,
ImageMagick-7.0.6-5, still exist in latest development branch
AcquireRandomInfoThreadSet might return NULL if
AcquireMagickMemoryfails, then it will cause Null Pointer Deference and Denial of Service.Similar suspicious code pieces might also share the same issue:
ImageMagick/MagickCore/effect.c
Line 3800 in 590d5f3
ImageMagick/MagickCore/threshold.c
Line 2075 in 3c296d6
ImageMagick/MagickCore/statistic.c
Line 506 in 4e46ad9
Regards,
Alex, SourceBrella Inc.
The text was updated successfully, but these errors were encountered: