oss-sec mailing list archives
GraphicsMagick heap out of bounds write issue
From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Thu, 23 Feb 2017 21:18:17 -0600 (CST)
GraphicsMagick versions up to 1.3.25 encounter a write beyond an allocated heap buffer when reading CMYKA TIFF files which claim to offer fewer samples per pixel than required.
This is the tiffinfo description of the problematic TIFF file: TIFF Directory at offset 0x808 (2056) Image Width: 34 Image Length: 48 Bits/Sample: 8 Sample Format: unsigned integer Compression Scheme: None Photometric Interpretation: separated Extra Samples: 1<unassoc-alpha> Orientation: row 0 top, col 0 lhs Samples/Pixel: 2 Rows/Strip: 32 Planar Configuration: single image planeThe fix for this is Mercurial changeset 14998:6156b4c2992d which may be viewed at SourceForge via this link:
https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/ A minimal patch to correct the problem is attached. This issue was reported to us on February 15, 2017 by Valon Chu. Bob -- Bob Friesenhahn bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Attachment:
tiff.c.patch
Description:
Current thread:
- GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 23)
- Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 24)
- Re: Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 28)
- Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 24)