Headline
CVE-2019-13310: https://github.com/ImageMagick/ImageMagick/issues/1616 · ImageMagick/ImageMagick@5f21230
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
@@ -7908,6 +7908,8 @@ WandExport MagickBooleanType MogrifyImageList(ImageInfo *image_info, &distortion,exception); if (difference_image == (Image *) NULL) break; reconstruct_image=DestroyImage(reconstruct_image); image=DestroyImage(image); if (*images != (Image *) NULL) *images=DestroyImageList(*images); *images=difference_image; @@ -8295,6 +8297,7 @@ WandExport MagickBooleanType MogrifyImageList(ImageInfo *image_info, q=GetImageFromList(*images,index-1); if (q == (Image *) NULL) { p=DestroyImage§; (void) ThrowMagickException(exception,GetMagickModule(), OptionError,"NoSuchImage","`%s’",argv[i+1]); status=MagickFalse;
Related news
Ubuntu Security Notice 7053-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or potentially leak sensitive information. These vulnerabilities included heap and stack-based buffer overflows, memory leaks, and improper handling of uninitialized values.