[Bug 1589189] [NEW] SEGV in coders/pes.c:639:35

Sat, 04 Jun 2016 21:46:05 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
f435e8724ade942148d065a4b898a0ed0c42c368


Command: magick id:000424,sig:06,src:000074+002924,op:splice,rep:32 /dev/null

ASAN:SIGSEGV
=================================================================
==10390==ERROR: AddressSanitizer: SEGV on unknown address 0x3a0ed400 (pc 
0x083fc355 bp 0xbfe563b8 sp 0xbfe549c0 T0)
    #0 0x83fc354 in ReadPESImage 
/home/user/Desktop/ImageMagick/coders/pes.c:639:35
    #1 0x85f17b3 in ReadImage 
/home/user/Desktop/ImageMagick/MagickCore/constitute.c:496:13
    #2 0x85f52a4 in ReadImages 
/home/user/Desktop/ImageMagick/MagickCore/constitute.c:851:9
    #3 0x8bd3193 in CLINoImageOperator 
/home/user/Desktop/ImageMagick/MagickWand/operation.c:4705:22
    #4 0x8bd697f in CLIOption 
/home/user/Desktop/ImageMagick/MagickWand/operation.c:5199:7
    #5 0x8a94b84 in ProcessCommandOptions 
/home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:474:7
    #6 0x8a95ee2 in MagickImageCommand 
/home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:791:5
    #7 0x8a9809d in MagickCommandGenesis 
/home/user/Desktop/ImageMagick/MagickWand/mogrify.c:183:14
    #8 0x81434a3 in MagickMain 
/home/user/Desktop/ImageMagick/utilities/magick.c:145:10
    #9 0x81434a3 in main /home/user/Desktop/ImageMagick/utilities/magick.c:176
    #10 0xb74877ad in __libc_start_main 
/build/glibc-xt1eTb/glibc-2.21/csu/libc-start.c:289
    #11 0x808956b in _start (/usr/local/bin/magick+0x808956b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/Desktop/ImageMagick/coders/pes.c:639 
ReadPESImage
==10390==ABORTING

** Affects: imagemagick (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1589189

Title:
  SEGV in coders/pes.c:639:35

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1589189/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to