-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
heap-use-after-free in MngInfoDiscardObject #918
Labels
Comments
urban-warrior
pushed a commit
that referenced
this issue
Dec 26, 2017
urban-warrior
pushed a commit
that referenced
this issue
Dec 26, 2017
urban-warrior
pushed a commit
that referenced
this issue
Dec 26, 2017
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow. |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
Jan 8, 2018
2018-01-06 7.0.7-21 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.0-21, GIT revision 22168:a91afc45b:20180106. 2018-01-06 7.0.7-21 Dirk Lemstra <dirk@lem.....org> * Fix some enum values in the OpenCL code. 2018-01-06 7.0.7-20 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-20, GIT revision 22161:33a04d3e5:20180105. 2018-01-05 7.0.7-20 Cristy <quetzlzacatenango@image...> * Fixed numerous memory leaks (reference https://github.com/ImageMagick/ImageMagick/issues). 2018-01-01 7.0.7-19 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-19, GIT revision 22133:977fe08bf:20180101. 2017-12-29 7.0.7-19 Cristy <quetzlzacatenango@image...> * Check for webpmux library version 0.4.4 (reference ImageMagick/ImageMagick#896). 2017-12-26 7.0.7-18 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-18, GIT revision 22096:ad4bdeb40:20171228. 2017-12-28 7.0.7-18 Cristy <quetzlzacatenango@image...> * Fix error reading from pipe under Windows (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33288). 2017-12-26 7.0.7-17 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-17, GIT revision 22093:9caea323b:20171227. 2017-12-26 7.0.7-17 Cristy <quetzlzacatenango@image...> * Fix heap use after free error (reference ImageMagick/ImageMagick#918). 2017-12-24 7.0.7-16 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-16, GIT revision 22038:e55dc7626:20171225. 2017-12-18 7.0.7-16 Cristy <quetzlzacatenango@image...> * Fix error reading multi-layer XCF image file. * Fix possible stack overflow in WEBP reader (reference ImageMagick/ImageMagick#907) * Fixed numerous memory leaks (reference https://github.com/ImageMagick/ImageMagick/issues). 2017-12-16 7.0.7-15 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-15, GIT revision 21924:30cb31746:20171216. 2017-12-08 7.0.7-15 Cristy <quetzlzacatenango@image...> * Overall standard deviation is the average of each pixel channel (reference https://www.imagemagick.org/discourse-server/viewforum.php?f=3). * Update to the latest ImageMagick documentation. 2017-12-05 7.0.7-14 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-14, GIT revision 21855:dc73b2aba:20171205. 2017-11-30 7.0.7-14 Cristy <quetzlzacatenango@image...> * Support Stereo composite operator. * Fix build failure with --without-modules (reference ImageMagick/ImageMagick#890). 2017-11-30 7.0.7-13 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-13, GIT revision 21823:72cb0fd0c:20171130. 2017-11-30 7.0.7-13 Cristy <quetzlzacatenango@image...> * Fix build failure with libraw 0.14.8 (reference ImageMagick/ImageMagick#888). 2017-11-29 7.0.7-12 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.7-12, GIT revision 21814:5ef2c5a67:20171129. 2017-11-12 7.0.7-12 Cristy <quetzlzacatenango@image...> * The -tint option no longer munges the alpha channel (reference http://www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=33070). * Don't delete in-memory blob when reading an image (reference ImageMagick/ImageMagick#886). * Support HDRI color profile management.
This was assigned CVE-2017-18272. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
INFO
Version: ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI
Delegates (built-in): bzlib djvu fftw fontconfig freetype gvc jbig jng jpeg lcms lqr lzma pangocairo png tiff webp wmf x xml zlib
Trigger Command: /usr/local/bin/magick identify -verbose use-after-free-ReadMNGImage
ASAN OUTPUT
testcase: https://github.com/henices/pocs/raw/master/use-after-free-ReadMNGImage
Credit: NSFocus Security Team <security (at) nsfocus (dot) com>
The text was updated successfully, but these errors were encountered: