oss-sec mailing list archives
Imagemagick heap overflow
From: Bastien ROUCARIES <roucaries.bastien () gmail com>
Date: Sun, 13 Nov 2016 12:25:15 +0100
Hi, Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffer from a heap overflow in WaveletDenoiseImage(). This problem is easelly trigerrable from a perl script. For more details see: https://github.com/ImageMagick/ImageMagick/issues/296 The problem is solved by this simple patch: @@ -5866,7 +5866,7 @@ MagickExport Image *WaveletDenoiseImage(const Image *image, ThrowImageException(ResourceLimitError,"MemoryAllocationFailed"); pixels_info=AcquireVirtualMemory(3*image->columns,image->rows* sizeof(*pixels)); - kernel=(float *) AcquireQuantumMemory(MagickMax(image->rows,image->columns), + kernel=(float *) AcquireQuantumMemory(MagickMax(image->rows,image->columns)+1, GetOpenMPMaximumThreads()*sizeof(*kernel)); if ((pixels_info == (MemoryInfo *) NULL) || (kernel == (float *) NULL)) {
Current thread:
- Imagemagick heap overflow Bastien ROUCARIES (Nov 13)
- Re: Imagemagick heap overflow cve-assign (Nov 14)