0x00007ffff413e1c5 in ReadBlobByte (image=0x607c00011900) at MagickCore/blob.c:3661
3661 p=(const unsigned char *) ReadBlobStream(image,1,buffer,&count);
(gdb) bt
#0 0x00007ffff413e1c5 in ReadBlobByte (image=0x607c00011900) at MagickCore/blob.c:3661
#1 0x00007ffff47dc5f0 in ExtractPostscript (image=0x607c00011900, image_info=0x607a0000d100, PS_Offset=71672, PS_Size=2013292078, exception=0x600c0000b0c0) at coders/wpg.c:769
#2 0x00007ffff47e10a2 in ReadWPGImage (image_info=0x607a0000d100, exception=0x600c0000b0c0) at coders/wpg.c:1408
#3 0x00007ffff41c56d6 in ReadImage (image_info=0x607a00010500, exception=0x600c0000b0c0) at MagickCore/constitute.c:497
#4 0x00007ffff41c7d3c in ReadImages (image_info=0x607a00013900, filename=0x60040000c710 "/tmp/cpu4.poc", exception=0x600c0000b0c0) at MagickCore/constitute.c:866
#5 0x00007ffff39e179c in ConvertImageCommand (image_info=0x607a00013900, argc=3, argv=0x60060000ed10, metadata=0x7fffffffc090, exception=0x600c0000b0c0) at MagickWand/convert.c:641
#6 0x00007ffff3b84a11 in MagickCommandGenesis (image_info=0x607a00016d00, command=0x4010d0 <ConvertImageCommand@plt>, argc=3, argv=0x7fffffffe4d8, metadata=0x0, exception=0x600c0000b0c0)
at MagickWand/mogrify.c:183
#7 0x000000000040164d in MagickMain (argc=3, argv=0x7fffffffe4d8) at utilities/magick.c:149
#8 0x00000000004017e2 in main (argc=3, argv=0x7fffffffe4d8) at utilities/magick.c:180
When debug we found a very large number in PS_Size
Hello all.
We found a denial of service (DoS) issue in ImageMagick 7.0.7-12 Q16 x86_64 , which can cause huge CPU consumption. (cpu 100%)
The policy.xml is as following
convert ReadWPGImage-cpu-exhaustion /dev/null
gdb backtrace
When debug we found a very large number in PS_Size
testcase:
https://github.com/henices/pocs/raw/master/ReadWPGImage-cpu-exhaustion
Credit: NSFocus Security Team <security (at) nsfocus (dot) com>
The text was updated successfully, but these errors were encountered: