Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded:https://github.com/ImageMagick/ImageMagick/issues/550
Version: ImageMagick 7.0.6-1 Q16 x86_64 #./magick identify $FILE ================================================================= ==32637==ERROR: LeakSanitizer: detected memory leaks Direct leak of 13488 byte(s) in 1 object(s) allocated from: #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66 #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10 #2 0x7fbe8d5b9db9 in AcquireImage image.c:169:19 #3 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #4 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #5 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #6 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #7 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #8 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #9 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #10 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #11 0x514f77 in MagickMain magick.c:151:10 #12 0x5149d1 in main magick.c:263:10 #13 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Direct leak of 13024 byte(s) in 1 object(s) allocated from: #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66 #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10 #2 0x7fbe8dc4739f in ReadOneJNGImage png.c:4477:39 #3 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #4 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #5 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #6 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #7 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #8 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #9 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #10 0x514f77 in MagickMain magick.c:151:10 #11 0x5149d1 in main magick.c:263:10 #12 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 13024 byte(s) in 1 object(s) allocated from: #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66 #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10 #2 0x7fbe8d5be753 in AcquireImageInfo image.c:347:28 #3 0x7fbe8d5c78c3 in CloneImageInfo image.c:952:14 #4 0x7fbe8d5be688 in SyncImageSettings image.c:4051:21 #5 0x7fbe8d5bbe88 in AcquireImage image.c:290:10 #6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #14 0x514f77 in MagickMain magick.c:151:10 #15 0x5149d1 in main magick.c:263:10 #16 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 9096 byte(s) in 1 object(s) allocated from: #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66 #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10 #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10 #3 0x7fbe8d3891e4 in AcquirePixelCache cache.c:195:28 #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16 #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #13 0x514f77 in MagickMain magick.c:151:10 #14 0x5149d1 in main magick.c:263:10 #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 512 byte(s) in 1 object(s) allocated from: #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66 #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10 #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10 #3 0x7fbe8d64a44a in AcquirePixelChannelMap pixel.c:101:35 #4 0x7fbe8d5ba77b in AcquireImage image.c:208:22 #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #13 0x514f77 in MagickMain magick.c:151:10 #14 0x5149d1 in main magick.c:263:10 #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 280 byte(s) in 1 object(s) allocated from: #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66 #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10 #2 0x7fbe8d367dfd in CloneBlobInfo blob.c:504:27 #3 0x7fbe8d5ba7d1 in AcquireImage image.c:209:15 #4 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #5 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #6 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #7 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #8 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #9 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #10 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #11 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #12 0x514f77 in MagickMain magick.c:151:10 #13 0x5149d1 in main magick.c:263:10 #14 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 88 byte(s) in 1 object(s) allocated from: #0 0x4def96 in __interceptor_malloc asan_malloc_linux.cc:66 #1 0x7fbe8d60af76 in AcquireMagickMemory memory.c:463:10 #2 0x7fbe8d60afd8 in AcquireQuantumMemory memory.c:536:10 #3 0x7fbe8d389ca4 in AcquirePixelCacheNexus cache.c:268:31 #4 0x7fbe8d389704 in AcquirePixelCache cache.c:211:26 #5 0x7fbe8d5ba6bd in AcquireImage image.c:206:16 #6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #14 0x514f77 in MagickMain magick.c:151:10 #15 0x5149d1 in main magick.c:263:10 #16 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142 #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7 #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36 #3 0x7fbe8d5ba935 in AcquireImage image.c:213:20 #4 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #5 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #6 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #7 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #8 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #9 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #10 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #11 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #12 0x514f77 in MagickMain magick.c:151:10 #13 0x5149d1 in main magick.c:263:10 #14 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142 #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7 #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36 #3 0x7fbe8d3899c3 in AcquirePixelCache cache.c:226:25 #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16 #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #13 0x514f77 in MagickMain magick.c:151:10 #14 0x5149d1 in main magick.c:263:10 #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142 #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7 #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36 #3 0x7fbe8d368bf7 in GetBlobInfo blob.c:1414:24 #4 0x7fbe8d367eec in CloneBlobInfo blob.c:507:3 #5 0x7fbe8d5ba7d1 in AcquireImage image.c:209:15 #6 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #7 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #8 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #9 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #10 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #11 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #12 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #13 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #14 0x514f77 in MagickMain magick.c:151:10 #15 0x5149d1 in main magick.c:263:10 #16 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142 #1 0x7fbe8d747788 in AcquireSemaphoreMemory semaphore.c:154:7 #2 0x7fbe8d746ffc in AcquireSemaphoreInfo semaphore.c:200:36 #3 0x7fbe8d389a52 in AcquirePixelCache cache.c:228:30 #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16 #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #13 0x514f77 in MagickMain magick.c:151:10 #14 0x5149d1 in main magick.c:263:10 #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287 Indirect leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4dfaf5 in posix_memalign asan_malloc_linux.cc:142 #1 0x7fbe8d60adb2 in AcquireAlignedMemory memory.c:261:7 #2 0x7fbe8d389bae in AcquirePixelCacheNexus cache.c:264:29 #3 0x7fbe8d389704 in AcquirePixelCache cache.c:211:26 #4 0x7fbe8d5ba6bd in AcquireImage image.c:206:16 #5 0x7fbe8dc47483 in ReadOneJNGImage png.c:4483:21 #6 0x7fbe8dc1bb1d in ReadJNGImage png.c:5053:9 #7 0x7fbe8d3faf98 in ReadImage constitute.c:497:13 #8 0x7fbe8d771bd9 in ReadStream stream.c:1045:9 #9 0x7fbe8d3f9b3f in PingImage constitute.c:226:9 #10 0x7fbe8d3fa2e3 in PingImages constitute.c:327:10 #11 0x7fbe8cb5b126 in IdentifyImageCommand identify.c:319:18 #12 0x7fbe8cc18dff in MagickCommandGenesis mogrify.c:183:14 #13 0x514f77 in MagickMain magick.c:151:10 #14 0x5149d1 in main magick.c:263:10 #15 0x7fbe87456f44 in __libc_start_main libc-start.c:287 SUMMARY: AddressSanitizer: 49832 byte(s) leaked in 12 allocation(s). testcase: https://github.com/jgj212/poc/blob/master/leak-ReadOneJNGImage Credit : ADLab of Venustech