CVE-2019-13298: heap-buffer-overflow at MagickCore/pixel-accessor.h:804:56 in SetPixelViaPixelInfo · Issue #1611 · ImageMagick/ImageMagick
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
There’s a heap-buffer-overflow at MagickCore/pixel-accessor.h:804:56 in SetPixelViaPixelInfo.
run_cmd:
magick -seed 0 "(" magick:netscape -random-threshold 66x4 -resize 72%+20-45 ")" "(" magick:netscape -shear 40 -enhance ")" tmp
Here’s the ASAN log.
=================================================================
==6928==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7faaff40fa80 at pc 0x7fab0dddcb45 bp 0x7fff3e3ee2b0 sp 0x7fff3e3ee2a8
WRITE of size 4 at 0x7faaff40fa80 thread T0
#0 0x7fab0dddcb44 in SetPixelViaPixelInfo ./MagickCore/pixel-accessor.h:804:56
#1 0x7fab0ddf1234 in EnhanceImage MagickCore/enhance.c:1976:7
#2 0x7fab0d63a171 in CLISimpleOperatorImage MagickWand/operation.c:2284:21
#3 0x7fab0d632c78 in CLISimpleOperatorImages MagickWand/operation.c:3685:12
#4 0x7fab0d658315 in CLIOption MagickWand/operation.c:5273:16
#5 0x7fab0d499a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
#6 0x7fab0d49ad0a in MagickImageCommand MagickWand/magick-cli.c:796:5
#7 0x7fab0d4e4ba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
#8 0x526f95 in MagickMain utilities/magick.c:149:10
#9 0x5268e1 in main utilities/magick.c:180:10
#10 0x7fab07f5bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#11 0x41b069 in _start (install/bin/magick+0x41b069)
0x7faaff40fa80 is located 0 bytes to the right of 905856-byte region [0x7faaff332800,0x7faaff40fa80)
allocated by thread T0 here:
#0 0x4e6200 in __interceptor_posix_memalign (install/bin/magick+0x4e6200)
#1 0x7fab0ded3ed6 in AcquireAlignedMemory MagickCore/memory.c:265:7
#2 0x7fab0dc1c61c in OpenPixelCache MagickCore/cache.c:3728:46
#3 0x7fab0dc22901 in GetImagePixelCache MagickCore/cache.c:1754:18
#4 0x7fab0dc28bc9 in SyncImagePixelCache MagickCore/cache.c:5488:28
#5 0x7fab0de87831 in SetImageStorageClass MagickCore/image.c:2627:10
#6 0x7fab0dde375f in EnhanceImage MagickCore/enhance.c:1891:7
#7 0x7fab0d63a171 in CLISimpleOperatorImage MagickWand/operation.c:2284:21
#8 0x7fab0d632c78 in CLISimpleOperatorImages MagickWand/operation.c:3685:12
#9 0x7fab0d658315 in CLIOption MagickWand/operation.c:5273:16
#10 0x7fab0d499a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
#11 0x7fab0d49ad0a in MagickImageCommand MagickWand/magick-cli.c:796:5
#12 0x7fab0d4e4ba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
#13 0x526f95 in MagickMain utilities/magick.c:149:10
#14 0x5268e1 in main utilities/magick.c:180:10
#15 0x7fab07f5bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
SUMMARY: AddressSanitizer: heap-buffer-overflow ./MagickCore/pixel-accessor.h:804:56 in SetPixelViaPixelInfo
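Added example, not code from the issue or from ImageMagick: a small Python triage parser run over the ASAN report above. It checks that the region interval and the printed region size agree, works out where the 4-byte write lands relative to the 905856-byte pixel-cache allocation (it starts exactly at the end of the buffer, so the overrun is the full 4 bytes), and pulls out the faulting frame and the allocation site. Both sit in EnhanceImage: the write at enhance.c:1976 goes into a buffer that was (re)allocated through SetImageStorageClass at enhance.c:1891. The embedded report text is a trimmed copy of the log above; the class and function names, and the regular expressions, are the example's own.

```python
"""Triage helper for AddressSanitizer heap-buffer-overflow reports (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Trimmed copy of the ASAN report quoted in the issue (deeper frames omitted).
ASAN_REPORT = """\
==6928==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7faaff40fa80 at pc 0x7fab0dddcb45 bp 0x7fff3e3ee2b0 sp 0x7fff3e3ee2a8
WRITE of size 4 at 0x7faaff40fa80 thread T0
    #0 0x7fab0dddcb44 in SetPixelViaPixelInfo ./MagickCore/pixel-accessor.h:804:56
    #1 0x7fab0ddf1234 in EnhanceImage MagickCore/enhance.c:1976:7
    #2 0x7fab0d63a171 in CLISimpleOperatorImage MagickWand/operation.c:2284:21
0x7faaff40fa80 is located 0 bytes to the right of 905856-byte region [0x7faaff332800,0x7faaff40fa80)
allocated by thread T0 here:
    #0 0x4e6200 in __interceptor_posix_memalign (install/bin/magick+0x4e6200)
    #1 0x7fab0ded3ed6 in AcquireAlignedMemory MagickCore/memory.c:265:7
    #2 0x7fab0dc1c61c in OpenPixelCache MagickCore/cache.c:3728:46
    #3 0x7fab0dc22901 in GetImagePixelCache MagickCore/cache.c:1754:18
    #4 0x7fab0dc28bc9 in SyncImagePixelCache MagickCore/cache.c:5488:28
    #5 0x7fab0de87831 in SetImageStorageClass MagickCore/image.c:2627:10
    #6 0x7fab0dde375f in EnhanceImage MagickCore/enhance.c:1891:7
SUMMARY: AddressSanitizer: heap-buffer-overflow ./MagickCore/pixel-accessor.h:804:56 in SetPixelViaPixelInfo
"""

HEADER_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+) thread (T\d+)", re.M)
REGION_RE = re.compile(
    r"(0x[0-9a-f]+) is located (\d+) bytes (to the right of|to the left of|inside of) "
    r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)", re.M)


@dataclass
class Frame:
    index: int
    function: str
    location: str  # "file:line:col" or "(binary+offset)" as ASAN prints it


@dataclass
class AsanTriage:
    pid: int
    kind: str
    access: str          # READ or WRITE
    size: int            # bytes accessed
    address: int
    region_start: int
    region_end: int      # half-open: the byte at region_end is already out of bounds
    region_size: int
    distance: int        # "N bytes to the right/left of"
    side: str
    access_stack: List[Frame] = field(default_factory=list)
    alloc_stack: List[Frame] = field(default_factory=list)

    def region_consistent(self) -> bool:
        # ASAN prints both the size and the interval; a mismatch means a mangled log.
        return self.region_end - self.region_start == self.region_size

    def offset_from_start(self) -> int:
        # Byte offset of the faulting access relative to the allocation's first byte.
        return self.address - self.region_start

    def bytes_past_end(self) -> int:
        # How many of the accessed bytes lie beyond the allocation (0 for underflows).
        return max(0, self.address + self.size - self.region_end)

    def summary(self) -> str:
        top = self.access_stack[0] if self.access_stack else None
        return (f"{self.kind}: {self.access} of {self.size} bytes at offset "
                f"{self.offset_from_start()} of a {self.region_size}-byte region "
                f"({self.bytes_past_end()} bytes past the end) in "
                f"{top.function if top else '?'} [{top.location if top else '?'}]")


def first_frame_matching(stack: List[Frame], pattern: str) -> Optional[Frame]:
    """First frame whose function or location matches the regex (e.g. skip .h helpers)."""
    for fr in stack:
        if re.search(pattern, fr.function) or re.search(pattern, fr.location):
            return fr
    return None


def parse_asan_report(text: str) -> AsanTriage:
    header, access, region = HEADER_RE.search(text), ACCESS_RE.search(text), REGION_RE.search(text)
    if not (header and access and region):
        raise ValueError("not a recognised ASAN heap-buffer-overflow report")
    # Frames before "allocated by" belong to the faulting access, frames after to the allocation.
    marker = text.find("allocated by thread")
    before, after = (text, "") if marker < 0 else (text[:marker], text[marker:])
    frames = lambda chunk: [Frame(int(i), fn, loc) for i, fn, loc in FRAME_RE.findall(chunk)]
    return AsanTriage(
        pid=int(header.group(1)), kind=header.group(2),
        access=access.group(1), size=int(access.group(2)), address=int(access.group(3), 16),
        region_start=int(region.group(5), 16), region_end=int(region.group(6), 16),
        region_size=int(region.group(4)), distance=int(region.group(2)), side=region.group(3),
        access_stack=frames(before), alloc_stack=frames(after),
    )


if __name__ == "__main__":
    t = parse_asan_report(ASAN_REPORT)
    print(t.summary())
    print("write site :", first_frame_matching(t.access_stack, r"\.c:\d+"))
    print("alloc site :", first_frame_matching(t.alloc_stack, "EnhanceImage"))
```

Run stand-alone it prints a one-line summary plus the first .c frame of each stack; on real fuzzing output the same functions let you bucket crashes by (kind, access, bytes_past_end, top frame) before anyone reads the full log.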