Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Dec 2014 12:22:22 +0100
From: Bastien ROUCARIES <roucaries.bastien@...il.com>
To: oss-security@...ts.openwall.com
Cc: jodie.cunningham+osssecurity@...il.com
Subject: Imagemagick fuzzing bug

Hi,

during the previous month google and Jodie Cunningham.
have done a security audit of imagemagick and found a lot of security bug:
  * Avoid a DOS in vision.c due to an infinite loop.
  * Avoid a SEGV due to a corrupted pnm file.
  * Do not leak fd due to corrupted file.
  * Fix a double free in pdb coder.
  * Fix a SEGV due to corrupted dpc and xwd images.
  * Fix a SEGV in dpx file handler.
  * Fix a SEGV in malformed xwd file handler.
  * Avoid a NULL pointer dereference in ps file handling.
  * Fix a crash with corrupted viff file.
  * Fix a NULL pointer dereference in wpg file handling.
  * Do not continue on corrupted wpg file.
  * Avoid an out of bound access in viff image.
  * Avoid a heap buffer overflow in pdb file handling.
  * Avoid an out of bound acess on malformed sun file.
  * Avoid heap overflow in palm, pnm and xpm files.
  * Fix heap overflow in quantum, palm and psd file.
  * Fix handling of corrupted of psd, sun and xpm file.
  * Fix corrupted (too many colors) psd file.
  * Fix an out of bound acess in sun file.
  * Fix handling of corrupted sun and wpg file.
  * Fix heap overflow in pcx file, psd, pict and wpf files
    and DOS in xpm files.
  * Add additional PNM sanity checks.
  * Avoid a crash to out of memory in magick/cache.c
  * Fix a theorical out of bound access in magick/colormap-private.h
  * Fix an out of bound access in palm file.
  * Fixed throwing of exceptions in psd handling and fix a memory leak.
  * Fixed boundary checks in DecodePSDPixels.
  * Fix another out of bound problem in rle file.
  * Fix crash due to corrupted dib file.
  * Added checks to prevent overflow in rle file.
  * Impose a limit of 10 million columns or rows in an input PNG
  * Don't try to handle a "previous" image in the JNG decoder.
  * Avoid a memory leak in quantum management.
  * Avoid a crash in png coder.
  * Thread limit should be at least 1 in order to be efficient.
  * In psd file handling fixed parsing resource block and
    avoid a crash.
  * In cache fix usage of object after it has been destroyed.
  * Avoid a memory leak in rle file handling.
  * During identification of image do not fill memory

Patch queue is here:
http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-patches/6.8.9.9-4-for-upstream

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ