Hello all.
We found a denial of service (DoS) issue in ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, which can cause huge CPU and memory consumption (CPU 100%, memory 100%).
Be careful: please monitor the memory percentage. I had to reboot my computer a few minutes ago.
Debug
When debugging, we found that the program is always in a while loop at coders/png.c:7408
(gdb) b coders/png.c:7408
No source file named coders/png.c.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (coders/png.c:7408) pending.
(gdb) r
Starting program: /usr/local/bin/magick convert timeout-id:000016,src:004300,op:havoc,rep:4 /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c
Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c
Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb)
Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c 10
Will ignore next 9 crossings of breakpoint 1. Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c 20
Will ignore next 19 crossings of breakpoint 1. Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c 10000000
Will ignore next 9999999 crossings of breakpoint 1. Continuing.
INFO
magick -version
Version: ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib
The policy.xml is as follows:
Trigger Command: magick convert ./cpu-memory-exhaustion-mng /dev/null
testcase: https://github.com/henices/pocs/raw/master/cpu-memory-exhaustion-mng
Credit: Nsfocus Security Team
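One way to run the trigger command above without exhausting the host while triaging, as an added example that is not part of the original report. The `run_capped` function name and every limit value are assumptions; it relies only on the shell's `ulimit` and coreutils `timeout`.

```bash
#!/usr/bin/env bash
# Added example: run an untrusted-input reproducer under hard resource caps.
# run_capped and all limit values are assumptions, not from the report.
#
# usage: run_capped WALL_SECS CPU_SECS MEM_KB CMD [ARGS...]
# Prints one word: ok | timeout | killed | failed
run_capped() {
    rc_wall=$1; rc_cpu=$2; rc_mem=$3; shift 3
    rc_status=0
    (
        # CPU-seconds cap: the kernel kills the process once it is exceeded,
        # which stops a decoder that spins in a loop.
        ulimit -t "$rc_cpu"
        # Address-space cap in KiB: allocations past it fail instead of
        # pushing the host into swap. Pass "unlimited" for sanitizer builds,
        # which reserve far more virtual memory than they use.
        ulimit -v "$rc_mem"
        # Wall-clock cap: SIGTERM at the deadline, SIGKILL 2 s later.
        exec timeout -k 2 "$rc_wall" "$@" >/dev/null 2>&1
    ) || rc_status=$?
    case $rc_status in
        0)   echo ok ;;
        124) echo timeout ;;                      # timeout(1) hit the deadline
        *)   if [ "$rc_status" -gt 128 ]; then
                 echo killed                      # died on a signal (128+N)
             else
                 echo failed                      # ordinary non-zero exit
             fi ;;
    esac
}

# With the report's trigger command (limits chosen here: 30 s wall, 20 s CPU, 1 GiB):
#   run_capped 30 20 1048576 magick convert ./cpu-memory-exhaustion-mng /dev/null
```

A result of `timeout` or `killed` on a small input file is the signal to look for, since a well-behaved decode of the same size finishes with `ok` or a clean `failed`.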