oss-sec mailing list archives
Re: Imagemagick fuzzing bug
From: Yury German <yury () technologysecure com>
Date: Sat, 17 Jan 2015 13:06:07 -0500
Do we have a CVE assigned to this by chance?
On Dec 24, 2014, at 6:22 AM, Bastien ROUCARIES <roucaries.bastien () gmail com> wrote:

Hi, during the previous month Google and Jodie Cunningham have done a security audit of ImageMagick and found a lot of security bugs:

* Avoid a DoS in vision.c due to an infinite loop.
* Avoid a SEGV due to a corrupted pnm file.
* Do not leak fd due to corrupted file.
* Fix a double free in pdb coder.
* Fix a SEGV due to corrupted dpc and xwd images.
* Fix a SEGV in dpx file handler.
* Fix a SEGV in malformed xwd file handler.
* Avoid a NULL pointer dereference in ps file handling.
* Fix a crash with corrupted viff file.
* Fix a NULL pointer dereference in wpg file handling.
* Do not continue on corrupted wpg file.
* Avoid an out of bound access in viff image.
* Avoid a heap buffer overflow in pdb file handling.
* Avoid an out of bound access on malformed sun file.
* Avoid heap overflow in palm, pnm and xpm files.
* Fix heap overflow in quantum, palm and psd file.
* Fix handling of corrupted psd, sun and xpm file.
* Fix corrupted (too many colors) psd file.
* Fix an out of bound access in sun file.
* Fix handling of corrupted sun and wpg file.
* Fix heap overflow in pcx file, psd, pict and wpf files and DoS in xpm files.
* Add additional PNM sanity checks.
* Avoid a crash due to out of memory in magick/cache.c
* Fix a theoretical out of bound access in magick/colormap-private.h
* Fix an out of bound access in palm file.
* Fixed throwing of exceptions in psd handling and fix a memory leak.
* Fixed boundary checks in DecodePSDPixels.
* Fix another out of bound problem in rle file.
* Fix crash due to corrupted dib file.
* Added checks to prevent overflow in rle file.
* Impose a limit of 10 million columns or rows in an input PNG
* Don't try to handle a "previous" image in the JNG decoder.
* Avoid a memory leak in quantum management.
* Avoid a crash in png coder.
* Thread limit should be at least 1 in order to be efficient.
* In psd file handling fixed parsing resource block and avoid a crash.
* In cache fix usage of object after it has been destroyed.
* Avoid a memory leak in rle file handling.
* During identification of image do not fill memory

Patch queue is here: http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-patches/6.8.9.9-4-for-upstream
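Most of the fixes in the quoted list are one class of image-decoder defect: a dimension, colour count, run length or offset read from the file is trusted when a buffer is sized, indexed or read, so a crafted header drives an integer overflow, an out-of-bound access, a read past the end of a short file or an unbounded allocation. The example below is added here for illustration and is not code from ImageMagick, from the Debian patch queue or from anyone in this thread. It is a small header parser for binary PNM (P5/P6), the format named in several items above, that applies the kind of sanity checks the list describes: hard limits on columns and rows (the "10 million" figure is borrowed from the PNG item and is an arbitrary choice here), overflow-safe size arithmetic done before any allocation, and rejection of truncated input instead of reading beyond the buffer. The limits, the function names and the sample inputs are all assumptions constructed for this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative limits for this example; they are assumptions, not ImageMagick's values. */
#define PNM_MAX_DIMENSION 10000000UL            /* max columns or rows */
#define PNM_MAX_PIXELS    (256UL * 1024 * 1024) /* cap on width*height */

enum pnm_status { PNM_OK = 0, PNM_BAD_MAGIC, PNM_BAD_HEADER, PNM_TOO_LARGE, PNM_TRUNCATED };

typedef struct {
    unsigned long channels;   /* 1 for P5 (gray), 3 for P6 (RGB) */
    unsigned long width, height, maxval;
    size_t raster_offset;     /* index of the first pixel byte */
    size_t raster_bytes;      /* bytes the raster must contain */
} pnm_header;

/* Skip whitespace and '#' comments, then read one unsigned decimal token.
   Numbers that would wrap unsigned long are rejected, not silently truncated. */
static int read_token(const unsigned char *buf, size_t len, size_t *pos, unsigned long *out)
{
    unsigned long v = 0;
    int digits = 0;
    while (*pos < len) {
        if (buf[*pos] == '#') {
            while (*pos < len && buf[*pos] != '\n') (*pos)++;
        } else if (isspace(buf[*pos])) {
            (*pos)++;
        } else {
            break;
        }
    }
    while (*pos < len && isdigit(buf[*pos])) {
        unsigned long d = buf[*pos] - '0';
        if (v > (ULONG_MAX - d) / 10) return -1;
        v = v * 10 + d;
        (*pos)++;
        digits++;
    }
    if (digits == 0) return -1;
    *out = v;
    return 0;
}

/* Parse and validate a binary PNM (P5/P6) header. No pixel data is decoded;
   the point is that every size used later is bounded and overflow-checked
   before any buffer would be allocated or read. */
enum pnm_status pnm_parse_header(const unsigned char *buf, size_t len, pnm_header *h)
{
    size_t pos = 2;
    unsigned long bpc, pixels;

    if (len < 2 || buf[0] != 'P') return PNM_BAD_MAGIC;
    if (buf[1] == '5') h->channels = 1;
    else if (buf[1] == '6') h->channels = 3;
    else return PNM_BAD_MAGIC;

    if (read_token(buf, len, &pos, &h->width) ||
        read_token(buf, len, &pos, &h->height) ||
        read_token(buf, len, &pos, &h->maxval))
        return PNM_BAD_HEADER;
    /* Exactly one whitespace byte separates maxval from the raster. */
    if (pos >= len || !isspace(buf[pos])) return PNM_BAD_HEADER;
    h->raster_offset = ++pos;

    if (h->width == 0 || h->height == 0 || h->maxval == 0 || h->maxval > 65535)
        return PNM_BAD_HEADER;
    if (h->width > PNM_MAX_DIMENSION || h->height > PNM_MAX_DIMENSION)
        return PNM_TOO_LARGE;
    /* Divide before multiplying so width*height can never wrap. */
    if (h->width > PNM_MAX_PIXELS / h->height) return PNM_TOO_LARGE;
    pixels = h->width * h->height;

    bpc = h->maxval > 255 ? 2 : 1;   /* bytes per sample */
    if (pixels > SIZE_MAX / (h->channels * bpc)) return PNM_TOO_LARGE;
    h->raster_bytes = (size_t)pixels * h->channels * bpc;

    /* A short file is an error, not a license to read past the end of the buffer. */
    if (len - pos < h->raster_bytes) return PNM_TRUNCATED;
    return PNM_OK;
}

/* Wrappers used by main() below: status only, or raster size (0 on any rejection). */
enum pnm_status pnm_check(const unsigned char *buf, size_t len)
{
    pnm_header h;
    return pnm_parse_header(buf, len, &h);
}

size_t pnm_raster_bytes(const unsigned char *buf, size_t len)
{
    pnm_header h;
    return pnm_parse_header(buf, len, &h) == PNM_OK ? h.raster_bytes : 0;
}

/* Constructed sample inputs for this example (not real files); sizeof-1 drops the NUL. */
static const unsigned char good_p5[]  = "P5\n# 2x2 gray\n2 2\n255\n\x10\x20\x30\x40";
static const unsigned char wide_p5[]  = "P5\n1 1\n65535\n\xab\xcd";
static const unsigned char huge_p6[]  = "P6\n4294967295 4294967295\n255\n";
static const unsigned char short_p5[] = "P5\n4 4\n255\n\x01\x02\x03";
static const unsigned char zero_max[] = "P5\n2 2\n0\n\x01\x02\x03\x04";

int main(void)
{
    printf("good_p5:  status %d, raster %zu bytes\n",
           pnm_check(good_p5, sizeof good_p5 - 1), pnm_raster_bytes(good_p5, sizeof good_p5 - 1));
    printf("huge_p6:  status %d\n", pnm_check(huge_p6, sizeof huge_p6 - 1));
    printf("short_p5: status %d\n", pnm_check(short_p5, sizeof short_p5 - 1));
    printf("zero_max: status %d\n", pnm_check(zero_max, sizeof zero_max - 1));
    return 0;
}
```

The order of the checks is the part worth copying: magic, then each header field parsed with overflow rejection, then per-dimension limits, then the product bounded by dividing rather than multiplying, and only then a comparison of the required raster size against the bytes actually present. A decoder that allocates or indexes from `width * height * channels` before those steps is exposed to exactly the heap overflow, out-of-bound access and out-of-memory failures the list above enumerates.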