Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
$ magick -version Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-11-21 http://www.imagemagick.org Copyright: © 1999-2017 ImageMagick Studio LLC License: http://www.imagemagick.org/script/license.php Features: Cipher DPC HDRI OpenMP Delegates (built-in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib
Trigger Command: magick ReadPSDChannelZip-memory-leaks /dev/null
magick: unexpected end-of-file `ReadPSDChannelZip-memory-leaks' @ error/psd.c/ReadPSDChannelZip/1247. magick: unable to decompress image `ReadPSDChannelZip-memory-leaks' @ error/psd.c/ReadPSDChannel/1408. ================================================================= ==10717==ERROR: LeakSanitizer: detected memory leaks Direct leak of 27260 byte(s) in 1 object(s) allocated from: #0 0x7f14e35e8850 in malloc (/lib64/libasan.so.4+0xde850) #1 0x7f14e29fd38c in AcquireMagickMemory MagickCore/memory.c:464 #2 0x7f14e29fd3e0 in AcquireQuantumMemory MagickCore/memory.c:537 #3 0x7f14e2db6505 in ReadPSDChannelZip coders/psd.c:1236 #4 0x7f14e2db7364 in ReadPSDChannel coders/psd.c:1387 #5 0x7f14e2db7ea0 in ReadPSDLayer coders/psd.c:1470 #6 0x7f14e2dbaee7 in ReadPSDLayersInternal coders/psd.c:1834 #7 0x7f14e2dbe4ed in ReadPSDImage coders/psd.c:2182 #8 0x7f14e283038f in ReadImage MagickCore/constitute.c:497 #9 0x7f14e2833258 in ReadImages MagickCore/constitute.c:866 #10 0x7f14e228b86a in CLINoImageOperator MagickWand/operation.c:4763 #11 0x7f14e228eb72 in CLIOption MagickWand/operation.c:5258 #12 0x7f14e21375f8 in ProcessCommandOptions MagickWand/magick-cli.c:424 #13 0x7f14e2138ea0 in MagickImageCommand MagickWand/magick-cli.c:794 #14 0x7f14e21720e6 in MagickCommandGenesis MagickWand/mogrify.c:183 #15 0x401a36 in MagickMain utilities/magick.c:149 #16 0x401ca0 in main utilities/magick.c:180 #17 0x7f14de307889 in __libc_start_main (/lib64/libc.so.6+0x20889) SUMMARY: AddressSanitizer: 27260 byte(s) leaked in 1 allocation(s).
testcase: https://github.com/henices/pocs/raw/master/ReadPSDChannelZip-memory-leaks
Credit: NSFocus Security Team <security (at) nsfocus (dot) com>
The text was updated successfully, but these errors were encountered:
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.
Sorry, something went wrong.
https://github.com/ImageMagick/ImageMagick/issues/874
8204599
4a71d71
This was assigned CVE-2017-17886.
No branches or pull requests
$ magick -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-11-21 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib fontconfig freetype jng jpeg lzma pangocairo png tiff x xml zlib
Trigger Command: magick ReadPSDChannelZip-memory-leaks /dev/null
testcase:
https://github.com/henices/pocs/raw/master/ReadPSDChannelZip-memory-leaks
Credit: NSFocus Security Team <security (at) nsfocus (dot) com>
The text was updated successfully, but these errors were encountered: