[Bug 1539065] Re: out-of-bounds read in MagickCore/memory.c:707:23

Marc Deslauriers marc.deslauriers at canonical.com
Thu Feb 11 19:51:10 UTC 2016 

** Changed in: imagemagick (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1539065

Title:
  out-of-bounds read in MagickCore/memory.c:707:23

Status in imagemagick package in Ubuntu:
  Confirmed

Bug description:
  This bug was found while fuzzing ImageMagick with afl-fuzz

  Tested on ImageMagick version Tested on git commit
  8bc3ab67d818204fe5f0fe1dc29b873d37360461

  Command: magick id:000202,sig:06,src:003528,op:havoc,rep:16 /dev/null

  =================================================================
  ==14245==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb600aca4 at pc 0x8196b5b bp 0xbfad2b58 sp 0xbfad2b50
  READ of size 128 at 0xb600aca4 thread T0
      #0 0x8196b5a in CopyMagickMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:707:23
      #1 0x8672c7b in WritePDBImage /home/user/Desktop/ImageMagick/coders/pdb.c:893
      #2 0x8a9e9d8 in WriteImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1091
      #3 0x8aa23bc in WriteImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1309
      #4 0x9371daf in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4697
      #5 0x9379bc1 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5157
      #6 0x91080c3 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:526
      #7 0x910a545 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:786
      #8 0x910ea29 in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:172
      #9 0x80de12d in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:74
      #10 0x80de12d in main /home/user/Desktop/ImageMagick/utilities/magick.c:85
      #11 0xb74cda82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
      #12 0x80ddf54 in _start (/usr/local/bin/magick+0x80ddf54)

  0xb600aca4 is located 1243540500 bytes to the right of 3051426816-byte region [0xb600ac90,0x6be1c090)
  ASAN:SIGSEGV
  ==14245==AddressSanitizer: while reporting a bug found another one.Ignoring.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539065/+subscriptions

More information about the foundations-bugs mailing list