oss-sec mailing list archives
GraphicsMagick CVE Request - WPG Reader Issues
From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Fri, 7 Oct 2016 08:35:33 -0500 (CDT)
Two security issues have been discovered in the WPG format reader in GraphicsMagick 1.3.25 (and earlier):

1. In a build with QuantumDepth=8 (the default), there is no check that the provided colormap is not larger than 256 entries, resulting in potential heap overflow. This problem does not occur with larger QuantumDepth values.

2. The assertion:

     ReferenceBlob: Assertion `blob != (BlobInfo *) NULL' failed.

   is thrown (causing a crash) for some files due to a logic error which leads to passing a NULL pointer where a NULL pointer is not allowed.

These issues were discovered using American Fuzzy Lop by fuzzing with the corpus by Moshe Kaplan discovered on GitHub at https://github.com/moshekaplan/FuzzGraphicsMagick.

A patch resolving the two above issues is attached.

Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Attachment:
wpg.c.patch
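Added example, not part of the original message and not the attached wpg.c.patch: a bounds-checked palette loader in C showing the kind of colormap size check that issue 1 describes as missing. The record layout, MAX_COLORMAP, load_palette and the demo_* functions are assumptions made for illustration, not GraphicsMagick's code or the exact WPG format.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_COLORMAP 256u /* assumed colormap capacity in a QuantumDepth=8 build */
typedef struct { uint8_t red, green, blue; } Rgb;
typedef struct { Rgb colormap[MAX_COLORMAP]; unsigned colors; } Image;

static unsigned le16(const uint8_t *p) { return (unsigned)p[0] | ((unsigned)p[1] << 8); }

/* Hypothetical simplified palette record (not the exact WPG layout):
 * 2-byte start index, 2-byte entry count, then `count` RGB triples.
 * Returns 0 on success, -1 if the record is truncated or exceeds the colormap. */
int load_palette(Image *img, const uint8_t *rec, size_t len)
{
    if (len < 4) return -1;
    unsigned start = le16(rec), count = le16(rec + 2);
    /* File-supplied sizes must fit the colormap; subtraction form cannot wrap. */
    if (start > MAX_COLORMAP || count > MAX_COLORMAP - start) return -1;
    if ((len - 4) / 3 < count) return -1; /* declared count must be backed by data */
    const uint8_t *p = rec + 4;
    for (unsigned i = 0; i < count; i++, p += 3) {
        Rgb *c = &img->colormap[start + i];
        c->red = p[0]; c->green = p[1]; c->blue = p[2];
    }
    if (start + count > img->colors) img->colors = start + count;
    return 0;
}

/* Constructed sample: 2 entries from index 0. Returns blue of entry 1, or -1. */
int demo_valid(void)
{
    const uint8_t rec[] = {0, 0, 2, 0, 10, 20, 30, 40, 50, 60};
    Image img = {{{0, 0, 0}}, 0};
    return load_palette(&img, rec, sizeof rec) == 0 && img.colors == 2
         ? img.colormap[1].blue : -1;
}

/* Constructed sample: declares 300 entries (0x012C) with the data to back them. */
int demo_oversized(void)
{
    static const uint8_t rec[4 + 300 * 3] = {0x00, 0x00, 0x2C, 0x01};
    Image img = {{{0, 0, 0}}, 0};
    return load_palette(&img, rec, sizeof rec);
}

int main(void)
{
    return printf("valid=%d oversized=%d\n", demo_valid(), demo_oversized()) < 0;
}
```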
Current thread:
- GraphicsMagick CVE Request - WPG Reader Issues Bob Friesenhahn (Oct 07)
- Re: GraphicsMagick CVE Request - WPG Reader Issues cve-assign (Oct 08)