oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

imagemagick: undefined behavior in coders/rle.c

From: "Agostino Sarubbo" <ago () gentoo org>
Date: Mon, 10 Apr 2017 07:22:46 +0000
Description:
imagemagick is a software suite to create, edit, compose, or convert bitmap images.

A fuzz with the upstream security policy enabled, a quantum of 32 and the undefined behavior sanitizer discovered this 
bug.

# identify $FILE
coders/rle.c:274:18: runtime error: value 1.72801e+09 is outside the range of representable values of type 'unsigned 
char'                                                                     

Affected version:
7.0.5.4

Fixed version:
7.0.5.5 (not released atm)

Commit fix:
https://github.com/ImageMagick/ImageMagick/commit/b218117cad34d39b9ffb587b45c71c5a49b12bde

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2017-7606

Reproducer:
https://github.com/asarubbo/poc/blob/master/00253-imagemagick-outside-unsigned-char

Timeline:
2017-03-31: bug discovered and reported to upstream
2017-03-31: upstream released a patch
2017-04-02: blog post about the issue
2017-04-09: CVE assigned

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c

--
Agostino Sarubbo
Gentoo Linux Developer
Previous By Date Next
Previous By Thread Next

Current thread: