Headline
CVE-2023-1906: heap-buffer-overflow vulnerability in latest Imagemagick including 7.1.1-4 & 7.1.1-6 (Beta)
A heap-based buffer overflow issue was discovered in ImageMagick’s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Summary
While fuzzing ImageMagick using AFL - We came across a heap overflow vulnerability which is vulnerable in 7.1.1-4,5&6.
MagickCore/quantum-import.c:3544
PoC
- git clone https://github.com/ImageMagick/ImageMagick.git
- ./configure CC=afl-clang-fast CXX=afl-clang-fast++ --disable-shared
- AFL_USE_ASAN=1 make -j$(nproc)
- run ./magick convert heapoverflow-poc /dev/null or ./magick heapoverflow-poc /dev/null
- The program will crash like see below :
Related news
Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem.
Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.
Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.
Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.