Date: Mon, 10 Apr 2017 07:22:46 +0000 From: "Agostino Sarubbo" <ago@...too.org> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: imagemagick: undefined behavior in coders/rle.c Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. A fuzz with the upstream security policy enabled, a quantum of 32 and the undefined behavior sanitizer discovered this bug. # identify $FILE coders/rle.c:274:18: runtime error: value 1.72801e+09 is outside the range of representable values of type 'unsigned char' Affected version: 220.127.116.11 Fixed version: 18.104.22.168 (not released atm) Commit fix: https://github.com/ImageMagick/ImageMagick/commit/b218117cad34d39b9ffb587b45c71c5a49b12bde Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: CVE-2017-7606 Reproducer: https://github.com/asarubbo/poc/blob/master/00253-imagemagick-outside-unsigned-char Timeline: 2017-03-31: bug discovered and reported to upstream 2017-03-31: upstream released a patch 2017-04-02: blog post about the issue 2017-04-09: CVE assigned Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ