Hello all.
We found a denial of service (DoS) issue in ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, which can cause huge CPU and memory consumption (CPU 100%, memory 100%).
Be careful: please monitor the memory percentage; I had to reboot my computer a few minutes ago.
Debug
When debugging, we found the program is always in a while loop at coders/png.c:7408
(gdb) b coders/png.c:7408
No source file named coders/png.c.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (coders/png.c:7408) pending.
(gdb) r
Starting program: /usr/local/bin/magick convert timeout-id:000016,src:004300,op:havoc,rep:4 /dev/null
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c
Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c
Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb)
Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c 10
Will ignore next 9 crossings of breakpoint 1. Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c 20
Will ignore next 19 crossings of breakpoint 1. Continuing.
Breakpoint 1, ReadOneMNGImage (mng_info=0x62a000000200, image_info=0x62700000a900, exception=0x606000001040) at coders/png.c:7408
7408 } while (LocaleCompare(image_info->magick,"MNG") == 0);
(gdb) c 10000000
Will ignore next 9999999 crossings of breakpoint 1. Continuing.
INFO
magick -version
Version: ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): bzlib cairo djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png rsvg tiff webp wmf x xml zlib
The policy.xml is as follows
Trigger Command: magick convert ./cpu-memory-exhaustion-mng /dev/null
testcase: https://github.com/henices/pocs/raw/master/cpu-memory-exhaustion-mng
Credit: Nsfocus Security Team
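A way to re-run the trigger command without exhausting the host, as an added example that is not part of the original report: a Python wrapper (Linux/POSIX assumed) that caps CPU time, address space and wall-clock time for the child process and reports which limit ended it. The name `run_limited` and the default limit values are assumptions chosen for illustration.

```python
import resource
import signal
import subprocess
import sys

def _limit(kind, soft, hard):
    """Lower one rlimit, never asking for more than the current hard limit."""
    cur_hard = resource.getrlimit(kind)[1]
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(kind, (soft, hard))

def run_limited(argv, cpu_s=10, mem_bytes=1 << 30, wall_s=30):
    """Run argv with CPU-time, address-space and wall-clock caps; classify the result."""
    def apply_limits():  # runs in the child, just before exec
        # Soft CPU limit raises SIGXCPU; the hard limit (SIGKILL) is the backstop.
        _limit(resource.RLIMIT_CPU, cpu_s, cpu_s + 5)
        # Allocations past the cap fail instead of pushing the host into swap.
        _limit(resource.RLIMIT_AS, mem_bytes, mem_bytes)
    try:
        proc = subprocess.run(argv, preexec_fn=apply_limits, timeout=wall_s,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return "wall-timeout"        # child was killed by subprocess.run
    if proc.returncode == -signal.SIGXCPU:
        return "cpu-limit"           # the process spun on the CPU until the cap
    if proc.returncode < 0:
        return "signal-%d" % -proc.returncode
    return "ok" if proc.returncode == 0 else "exit-%d" % proc.returncode

if __name__ == "__main__" and len(sys.argv) > 1:
    # e.g. python run_limited.py magick convert ./cpu-memory-exhaustion-mng /dev/null
    print(run_limited(sys.argv[1:]))
```

A `cpu-limit` or `wall-timeout` result on a build marks it as still looping on the test case; `ok` or a plain `exit-N` means the decoder returned.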