Date: Fri, 7 Oct 2016 08:35:33 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security@...ts.openwall.com
Subject: GraphicsMagick CVE Request - WPG Reader Issues

Two security issues have been discovered in the WPG format reader in
GraphicsMagick 1.3.25 (and earlier):

1. In a build with QuantumDepth=8 (the default), there is no check
   that the provided colormap is not larger than 256 entries,
   resulting in potential heap overflow. This problem does not occur
   with larger QuantumDepth values.

2. The assertion:

   ReferenceBlob: Assertion `blob != (BlobInfo *) NULL' failed.

   is thrown (causing a crash) for some files due to a logic error
   which leads to passing a NULL pointer where a NULL pointer is not
   allowed.

These issues were discovered using American Fuzzy Lop by fuzzing with
the corpus by Moshe Kaplan discovered on Github at
https://github.com/moshekaplan/FuzzGraphicsMagick.

A patch resolving the two above issues is attached.

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/

View attachment "wpg.c.patch" of type "text/plain" (6399 bytes)
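
Added example (not part of the original message, and not the attached wpg.c.patch or GraphicsMagick's code): the kind of colormap bounds check that issue 1 describes as missing, shown on a simplified palette record. The record layout, the name load_palette, and the sample bytes are assumptions constructed for illustration; they are not the WPG specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COLORS 256u /* colormap capacity when indexes are 8 bits wide */
typedef struct { uint8_t r, g, b; } rgb_t;

/* Constructed sample records: u16 LE start index, u16 LE count, RGB triples. */
static const uint8_t ok_rec[]    = {0xFE, 0x00, 0x02, 0x00, 1, 2, 3, 4, 5, 6};
static const uint8_t over_rec[]  = {0xFF, 0x00, 0x02, 0x00, 1, 2, 3, 4, 5, 6};
static const uint8_t short_rec[] = {0x00, 0x00, 0x03, 0x00, 1, 2, 3};
static rgb_t sample_map[MAX_COLORS];

/* Read a 16-bit little-endian value. */
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] | ((unsigned)p[1] << 8); }

/*
 * Copy a palette record into a fixed 256-entry colormap.
 * Returns the number of entries stored, or -1 if the record is rejected.
 * Every size taken from the file is validated before the first write.
 */
int load_palette(const uint8_t *rec, size_t len, rgb_t map[MAX_COLORS])
{
    if (rec == NULL || map == NULL || len < 4)
        return -1;                      /* never pass NULL or a short header on */
    unsigned start = rd16(rec);
    unsigned count = rd16(rec + 2);
    /* start + count must fit in the colormap; written to avoid wraparound. */
    if (start >= MAX_COLORS || count > MAX_COLORS - start)
        return -1;
    /* The record must actually contain the triples it claims. */
    if ((len - 4) / 3 < count)
        return -1;
    const uint8_t *p = rec + 4;
    for (unsigned i = 0; i < count; i++, p += 3) {
        map[start + i].r = p[0];
        map[start + i].g = p[1];
        map[start + i].b = p[2];
    }
    return (int)count;
}

int main(void)
{
    printf("in range:    %d\n", load_palette(ok_rec, sizeof ok_rec, sample_map));
    printf("past 256:    %d\n", load_palette(over_rec, sizeof over_rec, sample_map));
    printf("truncated:   %d\n", load_palette(short_rec, sizeof short_rec, sample_map));
    return 0;
}
```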