Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 Apr 2017 07:22:46 +0000
From: "Agostino Sarubbo" <>
To: "" <>
Subject: imagemagick: undefined behavior in coders/rle.c

imagemagick is a software suite to create, edit, compose, or convert bitmap images.

A fuzz with the upstream security policy enabled, a quantum of 32 and the undefined behavior sanitizer discovered this bug.

# identify $FILE
coders/rle.c:274:18: runtime error: value 1.72801e+09 is outside the range of representable values of type 'unsigned char'                                                                     

Affected version:

Fixed version: (not released atm)

Commit fix:

This bug was discovered by Agostino Sarubbo of Gentoo.



2017-03-31: bug discovered and reported to upstream
2017-03-31: upstream released a patch
2017-04-02: blog post about the issue
2017-04-09: CVE assigned

This bug was found with American Fuzzy Lop.


Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ