Date: Sat, 19 Nov 2016 17:18:26 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: imagemagick: null pointer must never be null (tiff.c)

If suitable for a CVE please assign one. Thanks.

Description:
imagemagick is a software suite to create, edit, compose, or convert bitmap 
images.

A fuzz on an updated version with the undefined behavior sanitizer enabled revealed a null pointer which is declared to never be null.

The complete UBSan output:

# identify $FILE
coders/tiff.c:655:39: runtime error: null pointer passed as argument 2, which is declared to never be null
MagickCore/string_.h:76:23: note: nonnull attribute specified here

Affected version:
7.0.3.6

Fixed version:
7.0.3.7

Commit fix:
https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00049-imagemagick-pointernerverbenull

Timeline:
2016-11-09: bug discovered and reported to upstream
2016-11-09: upstream released a patch
2016-11-15: upstream released 7.0.3.7
2016-11-19: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c

-- 
Agostino Sarubbo
Gentoo Linux Developer
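The class of defect in the report above, as an added example that is not part of the original post and not ImageMagick's own code: a helper annotated `__attribute__((nonnull))` (the way the routine in MagickCore/string_.h is, per the UBSan note), an unguarded caller that forwards a possibly-absent value into it, and the guarded form that checks at the call site. The names `copy_nonnull`, `struct property`, `copy_property_unguarded` and `copy_property_guarded` are assumptions chosen for the example, and the "absent field" input is constructed. Build with `-fsanitize=undefined` to see the same "null pointer passed as argument 2" report when the unguarded path is given a NULL value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical copy helper. Like the routine UBSan pointed at in
 * MagickCore/string_.h, it declares its pointer parameters as never null,
 * so passing NULL is undefined behaviour and the compiler may assume it
 * never happens. Only -fsanitize=undefined (its nonnull-attribute check)
 * reports the violation at run time. */
__attribute__((nonnull(1, 2)))
static size_t copy_nonnull(char *dst, const char *src, size_t cap)
{
    size_t n = strlen(src);
    if (n >= cap)
        n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Constructed stand-in for an optional property read from an image file:
 * value == NULL models a field the decoder did not find. */
struct property {
    const char *name;
    const char *value;
};

/* "Before" pattern: forwards the possibly absent value straight into the
 * nonnull helper. Built with -fsanitize=undefined, a NULL value produces
 * "null pointer passed as argument 2, which is declared to never be null";
 * without the sanitizer it is a plain NULL dereference inside strlen. */
size_t copy_property_unguarded(const struct property *p, char *out, size_t cap)
{
    return copy_nonnull(out, p->value, cap);
}

/* "After" pattern: test for the absent field before the call. The check has
 * to live here at the call site; a NULL check inside copy_nonnull would be
 * dead code under the attribute and may be removed by the optimizer. */
size_t copy_property_guarded(const struct property *p, char *out, size_t cap)
{
    if (p->value == NULL) {
        if (cap > 0)
            out[0] = '\0';
        return 0;          /* nothing copied, no undefined behaviour */
    }
    return copy_nonnull(out, p->value, cap);
}

/* Small driver: pushes a value through the guarded path with a 16-byte
 * buffer and returns the number of bytes copied (0 for an absent field). */
size_t guarded_copy_length(const char *value)
{
    char buf[16];
    struct property p = { "Artist", value };
    return copy_property_guarded(&p, buf, sizeof buf);
}

int main(void)
{
    char buf[16];
    struct property present = { "Artist", "example" };  /* constructed */
    struct property absent  = { "Artist", NULL };       /* constructed */

    size_t n = copy_property_guarded(&present, buf, sizeof buf);
    printf("present: %zu bytes -> \"%s\"\n", n, buf);
    n = copy_property_guarded(&absent, buf, sizeof buf);
    printf("absent:  %zu bytes -> \"%s\"\n", n, buf);

    /* copy_property_unguarded(&absent, buf, sizeof buf); is the pattern the
     * advisory describes: compile with -fsanitize=undefined to see the report. */
    return 0;
}
```

The point for reviewers of such fixes: the attribute is a contract, not a runtime check, so the correct patch adds the NULL test on the caller's side before the annotated call, and a fuzzing build with `-fsanitize=undefined` is what turns the silent contract violation into a reported finding.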
