heap-buffer-overflow in Magick_png_read_raw_profile #872
Comments

Unfortunately we cannot reproduce the problem. With the latest ImageMagick release from the master branch, we get:

I got the same output on Fedora 26, but on Ubuntu it crashes. On Ubuntu 14.04 the convert command uses libpng12; on Fedora the convert command uses libpng16. What's your Linux distribution?

I found the root cause: when I use libpng16 on Ubuntu, this crash goes away.

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.
This was assigned CVE-2017-17504. |
$ convert -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-11-21 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib fontconfig freetype jng jpeg pangocairo png x xml zlib
commit: 6645a12, compiled on Ubuntu 14.04 x86_64
Trigger Command: convert Magick_png_read_raw_profile-heap-overflow /dev/null
testcase:
https://github.com/henices/pocs/raw/master/Magick_png_read_raw_profile-heap-overflow
Credit: NSFocus Security Team <security (at) nsfocus (dot) com>