Date: Fri, 7 Oct 2016 08:35:33 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security@...ts.openwall.com
Subject: GraphicsMagick CVE Request - WPG Reader Issues

Two security issues have been discovered in the WPG format reader in
GraphicsMagick 1.3.25 (and earlier):

1. In a build with QuantumDepth=8 (the default), there is no check
    that the provided colormap is not larger than 256 entries,
    resulting in potential heap overflow.  This problem does not occur
    with larger QuantumDepth values.

2. The assertion:

    ReferenceBlob: Assertion `blob != (BlobInfo *) NULL' failed.

    is thrown (causing a crash) for some files due to a logic error
    which leads to passing a NULL pointer where a NULL pointer is not
    allowed.

These issues were discovered using American Fuzzy Lop by fuzzing with
the corpus by Moshe Kaplan discovered on GitHub at
https://github.com/moshekaplan/FuzzGraphicsMagick.

A patch resolving the two above issues is attached.

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
View attachment "wpg.c.patch" of type "text/plain" (6399 bytes)
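
The missing check behind issue 1, sketched as an added example; this is not the attached patch and not GraphicsMagick's own code. The record layout (16-bit little-endian start index and entry count followed by RGB triples) and all names are assumptions for illustration; only the 256-entry limit comes from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COLORMAP_CAPACITY 256u  /* limit the post gives for QuantumDepth=8 */
typedef struct { uint8_t red, green, blue; } rgb8;

/* Hypothetical palette record: 16-bit LE start index, 16-bit LE entry count,
 * then `count` RGB triples. Returns 0 on success, negative on rejection. */
static int load_palette(const uint8_t *rec, size_t len,
                        rgb8 *map, unsigned *used)
{
    if (len < 4) return -1;                  /* truncated header */
    unsigned start = rec[0] | (unsigned)rec[1] << 8;
    unsigned count = rec[2] | (unsigned)rec[3] << 8;
    /* The record must fit the allocated colormap before anything is written. */
    if (start >= COLORMAP_CAPACITY ||
        count > COLORMAP_CAPACITY - start)
        return -2;                           /* would write past map[] */
    if ((len - 4) / 3 < count)
        return -3;                           /* fewer bytes than declared */
    for (unsigned i = 0; i < count; i++) {
        const uint8_t *p = rec + 4 + 3 * (size_t)i;
        map[start + i] = (rgb8){ p[0], p[1], p[2] };
    }
    *used = start + count;
    return 0;
}

/* Constructed sample input: a record declaring `count` entries from `start`,
 * backed by `payload_entries` RGB triples of filler data. */
static int try_record(unsigned start, unsigned count, size_t payload_entries)
{
    static uint8_t rec[4 + 3 * 65535u];
    rgb8 map[COLORMAP_CAPACITY];
    unsigned used = 0;
    memset(rec, 0x7f, sizeof rec);
    rec[0] = start & 0xff; rec[1] = (start >> 8) & 0xff;
    rec[2] = count & 0xff; rec[3] = (count >> 8) & 0xff;
    return load_palette(rec, 4 + 3 * payload_entries, map, &used);
}

int main(void)
{
    printf("256 entries from 0: %d\n", try_record(0, 256, 256));
    printf("257 entries from 0: %d\n", try_record(0, 257, 257));
    return 0;
}
```

The bound is written as `count > COLORMAP_CAPACITY - start` after checking `start`, so the comparison cannot wrap.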