Date: Sat, 17 Jan 2015 13:06:07 -0500
From: Yury German <yury@...hnologysecure.com>
To: oss-security@...ts.openwall.com
Cc: jodie.cunningham+osssecurity@...il.com
Subject: Re: Imagemagick fuzzing bug

Do we have a CVE assigned to this by chance?

> On Dec 24, 2014, at 6:22 AM, Bastien ROUCARIES <roucaries.bastien@...il.com> wrote:
>
> Hi,
>
> During the previous month Google and Jodie Cunningham
> have done a security audit of ImageMagick and found a lot of security bugs:
> * Avoid a DOS in vision.c due to an infinite loop.
> * Avoid a SEGV due to a corrupted pnm file.
> * Do not leak fd due to corrupted file.
> * Fix a double free in pdb coder.
> * Fix a SEGV due to corrupted dpc and xwd images.
> * Fix a SEGV in dpx file handler.
> * Fix a SEGV in malformed xwd file handler.
> * Avoid a NULL pointer dereference in ps file handling.
> * Fix a crash with corrupted viff file.
> * Fix a NULL pointer dereference in wpg file handling.
> * Do not continue on corrupted wpg file.
> * Avoid an out of bound access in viff image.
> * Avoid a heap buffer overflow in pdb file handling.
> * Avoid an out of bound access on malformed sun file.
> * Avoid heap overflow in palm, pnm and xpm files.
> * Fix heap overflow in quantum, palm and psd file.
> * Fix handling of corrupted psd, sun and xpm files.
> * Fix corrupted (too many colors) psd file.
> * Fix an out of bound access in sun file.
> * Fix handling of corrupted sun and wpg file.
> * Fix heap overflow in pcx file, psd, pict and wpf files
>   and DOS in xpm files.
> * Add additional PNM sanity checks.
> * Avoid a crash due to out of memory in magick/cache.c
> * Fix a theoretical out of bound access in magick/colormap-private.h
> * Fix an out of bound access in palm file.
> * Fixed throwing of exceptions in psd handling and fix a memory leak.
> * Fixed boundary checks in DecodePSDPixels.
> * Fix another out of bound problem in rle file.
> * Fix crash due to corrupted dib file.
> * Added checks to prevent overflow in rle file.
> * Impose a limit of 10 million columns or rows in an input PNG
> * Don't try to handle a "previous" image in the JNG decoder.
> * Avoid a memory leak in quantum management.
> * Avoid a crash in png coder.
> * Thread limit should be at least 1 in order to be efficient.
> * In psd file handling fixed parsing resource block and
>   avoid a crash.
> * In cache fix usage of object after it has been destroyed.
> * Avoid a memory leak in rle file handling.
> * During identification of image do not fill memory
>
> Patch queue is here:
> http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-patches/184.108.40.206-4-for-upstream
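Several of the fixes listed above are header sanity checks: the 10-million column/row cap on PNG input, the PNM checks, and refusing allocations that would exhaust memory rather than crashing. The following is an added, constructed example of that class of check (not ImageMagick's or the Debian patch queue's code); the header struct, the `MAX_PIXEL_BYTES` budget and the function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed example: validate decoded-image dimensions before allocating
   a pixel buffer. The cap mirrors the PNG fix above; the byte budget is an
   assumed policy value, not one taken from ImageMagick. */
#define MAX_DIMENSION   10000000UL                 /* 10 million columns or rows */
#define MAX_PIXEL_BYTES (256UL * 1024UL * 1024UL)  /* assumed allocation budget */

typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t channels;        /* 1..4 */
    uint32_t bits_per_sample; /* 8 or 16 */
} image_header;  /* hypothetical header representation */

/* Returns true and sets *out_bytes if the header describes a buffer we are
   willing to allocate; false on any inconsistency, wraparound or oversize. */
bool pixel_buffer_size(const image_header *h, size_t *out_bytes)
{
    if (h->width == 0 || h->height == 0) return false;
    if (h->width > MAX_DIMENSION || h->height > MAX_DIMENSION) return false;
    if (h->channels < 1 || h->channels > 4) return false;
    if (h->bits_per_sample != 8 && h->bits_per_sample != 16) return false;

    size_t bytes_per_pixel = (size_t)h->channels * (h->bits_per_sample / 8);
    /* Multiply step by step, checking each product before it can wrap;
       an unchecked width*height*bpp is the classic heap-overflow root cause. */
    if ((size_t)h->width > SIZE_MAX / bytes_per_pixel) return false;
    size_t row_bytes = (size_t)h->width * bytes_per_pixel;
    if ((size_t)h->height > SIZE_MAX / row_bytes) return false;
    size_t total = row_bytes * (size_t)h->height;
    if (total > MAX_PIXEL_BYTES) return false; /* refuse instead of running out of memory */
    *out_bytes = total;
    return true;
}

/* Convenience wrapper: buffer size in bytes, or 0 if the header is rejected. */
size_t checked_pixel_bytes(uint32_t w, uint32_t h, uint32_t channels, uint32_t bits)
{
    image_header hdr = { w, h, channels, bits };
    size_t n = 0;
    return pixel_buffer_size(&hdr, &n) ? n : 0;
}

int main(void)
{
    printf("640x480 RGB8 -> %zu bytes\n", checked_pixel_bytes(640, 480, 3, 8));
    printf("10000001x1 gray8 -> %zu (rejected)\n", checked_pixel_bytes(10000001u, 1, 1, 8));
    return 0;
}
```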