Date: Sat, 19 Nov 2016 17:18:26 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: imagemagick: null pointer must never be null (tiff.c) If suitable for a CVE please assign one. Thanks. Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. A fuzz on an updated version with the undefined behavior sanitizer enabled, revealed a null pointer which is declared to never be null. The complete UBSan output: # identify $FILE coders/tiff.c:655:39: runtime error: null pointer passed as argument 2, which is declared to never be null MagickCore/string_.h:76:23: note: nonnull attribute specified here Affected version: 22.214.171.124 Fixed version: 126.96.36.199 Commit fix: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00049-imagemagick-pointernerverbenull Timeline: 2016-11-09: bug discovered and reported to upstream 2016-11-09: upstream released a patch 2016-11-15: upstream released 188.8.131.52 2016-11-19: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ