Skip to content
/ xbmdump Public

Exploit for ImageMagick's uninitialized memory disclosure in xbm coder

3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

d0ge/xbmdump

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
sample.xbm
sample.xbm
 
 
xbmdump.py
xbmdump.py
 
 

Repository files navigation

xbmdump

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 (https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786) leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. Exploit for ImageMagick's uninitialized memory disclosure in xbm coder. This exploit is based on https://github.com/neex/gifoeb source code.

How to

  1. Run ./xbmdump gen 128x128 dump.xbm. The script needs ImageMagick (default) or GraphicsMagick (use --tool GM) to generate the images.

  2. Change file extension from xbm to any in web server whitelist (png, gif, jpg, jpeg, etc.)

  3. Upload dump.gif somewhere. If the following conditions hold true

    1. A preview is generated
    2. It changes significantly from one upload to another

    then you're lucky.

  4. Download and save the preview as output.ext.

  5. Run ./xbmdump recover output.ext

About

Exploit for ImageMagick's uninitialized memory disclosure in xbm coder

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages