oss-sec mailing list archives

Re: ImageMagick identify "d:" hangs

From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Tue, 27 Sep 2016 09:56:58 -0500 (CDT)

On Tue, 27 Sep 2016, Jakub Wilk wrote:

* Bob Friesenhahn <bfriesen () simple dallas tx us>, 2016-09-27, 08:48:
From my own investigations, I used

 identify -debug all "d:"
and see that a temporary file is reported to be created and then theprogram hangs which no apparent CPU usage.
strace tells me that it waits for input on stdin.
This is a simpler way to make it "hang":

 identify -

This is what I expected was happening. The main thing to investigateis if the "ImageTragick" patches distributions are using do protectagainst this possible issue as well.


Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Current thread:

ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 27)
- Re: ImageMagick identify "d:" hangs Jakub Wilk (Sep 27)
  - Re: ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 27)
    - Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
    - Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
    - Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
    - Re: ImageMagick identify "d:" hangs Bob Friesenhahn (Sep 28)
    - Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 28)
    - Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 28)
    - Re: ImageMagick identify "d:" hangs Florian Weimer (Sep 28)
    - Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 29)
    - Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 29)
    - Re: ImageMagick identify "d:" hangs Tavis Ormandy (Sep 30)

(Thread continues...)