CVE-2019-13299: heap-buffer-overflow at MagickCore/pixel-accessor.h:116:10 in GetPixelChannel · Issue #1610 · ImageMagick/ImageMagick

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.

There’s a heap-buffer-overflow at MagickCore/pixel-accessor.h:116:10 in GetPixelChannel.

run_cmd:
magick -seed 0 "(" magick:netscape -monochrome ")" "(" magick:netscape +repage ")" -geometry 433%-80-57 -adjoin -evaluate-sequence Median tmp

Here’s the ASAN log.

==30168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7febb7ba1400 at pc 0x7febc5808632 bp 0x7ffd269baff0 sp 0x7ffd269bafe8
READ of size 4 at 0x7febb7ba1400 thread T0
    #0 0x7febc5808631 in GetPixelChannel ./MagickCore/pixel-accessor.h:116:10
    #1 0x7febc5805ff6 in EvaluateImages MagickCore/statistic.c:587:33
    #2 0x7febc4e1a5bf in CLIListOperatorImages MagickWand/operation.c:4084:22
    #3 0x7febc4e2435e in CLIOption MagickWand/operation.c:5279:14
    #4 0x7febc4c65a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #5 0x7febc4c66d0a in MagickImageCommand MagickWand/magick-cli.c:796:5
    #6 0x7febc4cb0ba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #7 0x526f95 in MagickMain utilities/magick.c:149:10
    #8 0x5268e1 in main utilities/magick.c:180:10
    #9 0x7febbf727b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #10 0x41b069 in _start (install/bin/magick+0x41b069)

0x7febb7ba1400 is located 0 bytes to the right of 248832-byte region [0x7febb7b64800,0x7febb7ba1400)
allocated by thread T0 here:
    #0 0x4e6200 in __interceptor_posix_memalign (install/bin/magick+0x4e6200)
    #1 0x7febc569fed6 in AcquireAlignedMemory MagickCore/memory.c:265:7
    #2 0x7febc53e861c in OpenPixelCache MagickCore/cache.c:3728:46
    #3 0x7febc53ee901 in GetImagePixelCache MagickCore/cache.c:1754:18
    #4 0x7febc53f4bc9 in SyncImagePixelCache MagickCore/cache.c:5488:28
    #5 0x7febc5653831 in SetImageStorageClass MagickCore/image.c:2627:10
    #6 0x7febc54187e2 in AcquireImageColormap MagickCore/colormap.c:144:10
    #7 0x7febc575d137 in AssignImageColors MagickCore/quantize.c:514:7
    #8 0x7febc5753f38 in QuantizeImage MagickCore/quantize.c:2724:14
    #9 0x7febc53ae56c in SetImageType MagickCore/attribute.c:1495:14
    #10 0x7febc4e0cace in CLISimpleOperatorImage MagickWand/operation.c:2792:18
    #11 0x7febc4dfec78 in CLISimpleOperatorImages MagickWand/operation.c:3685:12
    #12 0x7febc4e24315 in CLIOption MagickWand/operation.c:5273:16
    #13 0x7febc4c65a99 in ProcessCommandOptions MagickWand/magick-cli.c:477:7
    #14 0x7febc4c66d0a in MagickImageCommand MagickWand/magick-cli.c:796:5
    #15 0x7febc4cb0ba1 in MagickCommandGenesis MagickWand/mogrify.c:185:14
    #16 0x526f95 in MagickMain utilities/magick.c:149:10
    #17 0x5268e1 in main utilities/magick.c:180:10
    #18 0x7febbf727b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow ./MagickCore/pixel-accessor.h:116:10 in GetPixelChannel
