[Bug 1589191] Re: SEGV in coders/rle.c:405:15

2016-06-04 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/211

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1589191

Title:
  SEGV in coders/rle.c:405:15

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1589191/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1589190] Re: SEGV in coders/rle.c:435:15

2016-06-04 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/212



[Bug 1589189] Re: SEGV in coders/pes.c:639:35

2016-06-04 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/213



[Bug 1589190] Re: SEGV in coders/rle.c:435:15

2016-06-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000434,sig:06,src:007452+006268,op:splice,rep:4"
   
https://bugs.launchpad.net/bugs/1589190/+attachment/4677155/+files/id%3A000434%2Csig%3A06%2Csrc%3A007452+006268%2Cop%3Asplice%2Crep%3A4



[Bug 1589191] Re: SEGV in coders/rle.c:405:15

2016-06-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000436,sig:06,src:007470+006951,op:splice,rep:8"
   
https://bugs.launchpad.net/bugs/1589191/+attachment/4677156/+files/id%3A000436%2Csig%3A06%2Csrc%3A007470+006951%2Cop%3Asplice%2Crep%3A8



[Bug 1589189] [NEW] SEGV in coders/pes.c:639:35

2016-06-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
f435e8724ade942148d065a4b898a0ed0c42c368


Command: magick id:000424,sig:06,src:74+002924,op:splice,rep:32 /dev/null

ASAN:SIGSEGV
=
==10390==ERROR: AddressSanitizer: SEGV on unknown address 0x3a0ed400 (pc 0x083fc355 bp 0xbfe563b8 sp 0xbfe549c0 T0)
#0 0x83fc354 in ReadPESImage /home/user/Desktop/ImageMagick/coders/pes.c:639:35
#1 0x85f17b3 in ReadImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:496:13
#2 0x85f52a4 in ReadImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:851:9
#3 0x8bd3193 in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4705:22
#4 0x8bd697f in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5199:7
#5 0x8a94b84 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:474:7
#6 0x8a95ee2 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:791:5
#7 0x8a9809d in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:183:14
#8 0x81434a3 in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:145:10
#9 0x81434a3 in main /home/user/Desktop/ImageMagick/utilities/magick.c:176
#10 0xb74877ad in __libc_start_main /build/glibc-xt1eTb/glibc-2.21/csu/libc-start.c:289
#11 0x808956b in _start (/usr/local/bin/magick+0x808956b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/Desktop/ImageMagick/coders/pes.c:639 ReadPESImage
==10390==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1589189] Re: SEGV in coders/pes.c:639:35

2016-06-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000424,sig:06,src:74+002924,op:splice,rep:32"
   
https://bugs.launchpad.net/bugs/1589189/+attachment/4677154/+files/id%3A000424%2Csig%3A06%2Csrc%3A74+002924%2Cop%3Asplice%2Crep%3A32



[Bug 1589191] [NEW] SEGV in coders/rle.c:405:15

2016-06-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
f435e8724ade942148d065a4b898a0ed0c42c368


Command: magick id:000436,sig:06,src:007470+006951,op:splice,rep:8 /dev/null

ASAN:SIGSEGV
=
==11484==ERROR: AddressSanitizer: SEGV on unknown address 0xb6063e38 (pc 0x08486fe9 bp 0xbfd94d78 sp 0xbfd93a40 T0)
#0 0x8486fe8 in ReadRLEImage /home/user/Desktop/ImageMagick/coders/rle.c:405:15
#1 0x85f17b3 in ReadImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:496:13
#2 0x85f52a4 in ReadImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:851:9
#3 0x8bd3193 in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4705:22
#4 0x8bd697f in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5199:7
#5 0x8a94b84 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:474:7
#6 0x8a95ee2 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:791:5
#7 0x8a9809d in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:183:14
#8 0x81434a3 in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:145:10
#9 0x81434a3 in main /home/user/Desktop/ImageMagick/utilities/magick.c:176
#10 0xb74847ad in __libc_start_main /build/glibc-xt1eTb/glibc-2.21/csu/libc-start.c:289
#11 0x808956b in _start (/usr/local/bin/magick+0x808956b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/Desktop/ImageMagick/coders/rle.c:405 ReadRLEImage
==11484==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1589190] [NEW] SEGV in coders/rle.c:435:15

2016-06-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
f435e8724ade942148d065a4b898a0ed0c42c368


Command: magick id:000434,sig:06,src:007452+006268,op:splice,rep:4 /dev/null

ASAN:SIGSEGV
=
==11472==ERROR: AddressSanitizer: SEGV on unknown address 0xb600fbf0 (pc 0x084872b9 bp 0xbfbf8df8 sp 0xbfbf7ac0 T0)
#0 0x84872b8 in ReadRLEImage /home/user/Desktop/ImageMagick/coders/rle.c:435:15
#1 0x85f17b3 in ReadImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:496:13
#2 0x85f52a4 in ReadImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:851:9
#3 0x8bd3193 in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4705:22
#4 0x8bd697f in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5199:7
#5 0x8a94b84 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:474:7
#6 0x8a95ee2 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:791:5
#7 0x8a9809d in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:183:14
#8 0x81434a3 in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:145:10
#9 0x81434a3 in main /home/user/Desktop/ImageMagick/utilities/magick.c:176
#10 0xb741c7ad in __libc_start_main /build/glibc-xt1eTb/glibc-2.21/csu/libc-start.c:289
#11 0x808956b in _start (/usr/local/bin/magick+0x808956b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/Desktop/ImageMagick/coders/rle.c:435 ReadRLEImage
==11472==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1556273] Re: out-of-bounds write in MagickCore/memory.c:723:10

2016-03-11 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/148



[Bug 1556273] [NEW] out-of-bounds write in MagickCore/memory.c:723:10

2016-03-11 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
712467450377a5c8642d6f4aead1f11d803c78a9


Command: magick id:000206,sig:06,src:005821,op:havoc,rep:4 /dev/null

=
==7820==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb531ca5f at pc 0x818c063 bp 0xbfcfbfa8 sp 0xbfcfbfa0
WRITE of size 65700 at 0xb531ca5f thread T0
#0 0x818c062 in CopyMagickMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:723:10
#1 0x87597e6 in RemoveICCProfileFromResourceBlock /home/user/Desktop/ImageMagick/coders/psd.c:2569
#2 0x87597e6 in WritePSDImage /home/user/Desktop/ImageMagick/coders/psd.c:2779
#3 0x8a8bd28 in WriteImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1091
#4 0x8a8f70c in WriteImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1309
#5 0x937560f in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4730
#6 0x937d421 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5190
#7 0x9108443 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:526
#8 0x910a8c5 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:786
#9 0x910eda9 in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:172
#10 0x80ddeed in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:74
#11 0x80ddeed in main /home/user/Desktop/ImageMagick/utilities/magick.c:85
#12 0xb7495a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#13 0x80ddd14 in _start (/usr/local/bin/magick+0x80ddd14)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/ImageMagick/MagickCore/memory.c:723 CopyMagickMemory
Shadow bytes around the buggy address:
  0x36a638f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x36a63940: fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa
  0x36a63950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a63990: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==7820==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1556273] Re: out-of-bounds write in MagickCore/memory.c:723:10

2016-03-11 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000206,sig:06,src:005821,op:havoc,rep:4"
   
https://bugs.launchpad.net/bugs/1556273/+attachment/4596250/+files/id%3A000206%2Csig%3A06%2Csrc%3A005821%2Cop%3Ahavoc%2Crep%3A4



[Bug 1553366] Re: out-of-bounds read in MagickCore/memory.c:708

2016-03-10 Thread Moshe Kaplan
** Attachment added: "id&%67,sig&%06,src&%000833,op&%havoc,rep&%2"
   
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366/+attachment/4595592/+files/id%26%2567%2Csig%26%2506%2Csrc%26%25000833%2Cop%26%25havoc%2Crep%26%252



[Bug 1553360] Re: out-of-bounds read in MagickCore/memory.c:719

2016-03-04 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/144



[Bug 1553366] Re: out-of-bounds read in MagickCore/memory.c:708

2016-03-04 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/143



[Bug 1553366] Re: out-of-bounds read in MagickCore/memory.c:708

2016-03-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000419,sig:06,src:001803+004110,op:splice,rep:2"
   
https://bugs.launchpad.net/bugs/1553366/+attachment/4588703/+files/id%3A000419%2Csig%3A06%2Csrc%3A001803+004110%2Cop%3Asplice%2Crep%3A2



[Bug 1553366] [NEW] out-of-bounds read in MagickCore/memory.c:708

2016-03-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
26ac8585e46188a648abf5fa3a1a7d264d8b3cb9

Command: magick id:000419,sig:06,src:001803+004110,op:splice,rep:2 /dev/null

=
==21785==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5f02440 at pc 0x80b28f6 bp 0xbfc57ed8 sp 0xbfc57abc
READ of size 128 at 0xb5f02440 thread T0
#0 0x80b28f5 in memcpy (/usr/local/bin/magick+0x80b28f5)
#1 0x814f571 in CopyMagickMemory /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/memory.c:708
#2 0x857643b in WritePDBImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/coders/pdb.c:893
#3 0x89633b8 in WriteImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:1091
#4 0x8966d9c in WriteImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:1309
#5 0x9230a7f in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4730
#6 0x9238891 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5190
#7 0x8fc3893 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:526
#8 0x8fc5d15 in MagickImageCommand /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:786
#9 0x8fca1f9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/mogrify.c:172
#10 0x80ddf3d in MagickMain /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:74
#11 0x80ddf3d in main /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:85
#12 0xb74b1a82 in __libc_start_main /build/eglibc-617sU_/eglibc-2.19/csu/libc-start.c:287
#13 0x80ddd64 in _start (/usr/local/bin/magick+0x80ddd64)

0xb5f02440 is located 0 bytes to the right of 256-byte region [0xb5f02340,0xb5f02440)
allocated by thread T0 here:
#0 0x80c6991 in malloc (/usr/local/bin/magick+0x80c6991)
#1 0x814e9ea in AcquireMagickMemory /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/memory.c:476
#2 0x814e9ea in AcquireQuantumMemory /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/memory.c:549
#3 0x89633b8 in WriteImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:1091
#4 0x8966d9c in WriteImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:1309
#5 0x9230a7f in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4730
#6 0x9238891 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5190
#7 0x8fc3893 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:526

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
  0x36be0430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be0440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be0450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be0460: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x36be0470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x36be0480: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
  0x36be0490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be04a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be04b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be04c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be04d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==21785==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1553360] Re: out-of-bounds read in MagickCore/memory.c:719

2016-03-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000362,sig:06,src:008726,op:havoc,rep:4"
   
https://bugs.launchpad.net/bugs/1553360/+attachment/4588675/+files/id%3A000362%2Csig%3A06%2Csrc%3A008726%2Cop%3Ahavoc%2Crep%3A4



[Bug 1553360] [NEW] out-of-bounds read in MagickCore/memory.c:719

2016-03-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
26ac8585e46188a648abf5fa3a1a7d264d8b3cb9

Command: magick id:000362,sig:06,src:008726,op:havoc,rep:4 /dev/null

=
==21178==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb540 at pc 0x80b2652 bp 0xbfd31558 sp 0xbfd31548
READ of size 66048 at 0xb540 thread T0
#0 0x80b2651 in memmove (/usr/local/bin/magick+0x80b2651)
#1 0x814f6d8 in CopyMagickMemory /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/memory.c:719
#2 0x86668f6 in RemoveICCProfileFromResourceBlock /home/user/Desktop/FuzzImageMagick-master/ImageMagick/coders/psd.c:2569
#3 0x86668f6 in WritePSDImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/coders/psd.c:2779
#4 0x89633b8 in WriteImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:1091
#5 0x8966d9c in WriteImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:1309
#6 0x9230a7f in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4730
#7 0x9238891 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5190
#8 0x8fc3893 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:526
#9 0x8fc5d15 in MagickImageCommand /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:786
#10 0x8fca1f9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/mogrify.c:172
#11 0x80ddf3d in MagickMain /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:74
#12 0x80ddf3d in main /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:85
#13 0xb74dca82 in __libc_start_main /build/eglibc-617sU_/eglibc-2.19/csu/libc-start.c:287
#14 0x80ddd64 in _start (/usr/local/bin/magick+0x80ddd64)

0xb540 is located 256 bytes to the left of 4172-byte region [0xb5400100,0xb540114c)
allocated by thread T0 here:
#0 0x80c6991 in malloc (/usr/local/bin/magick+0x80c6991)
#1 0x814e958 in AcquireMagickMemory /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/memory.c:476
#2 0x8fc4b55 in MagickImageCommand /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:693
#3 0x8fca1f9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/mogrify.c:172

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memmove
Shadow bytes around the buggy address:
  0x36a7ffb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a7ffc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a7ffd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a7ffe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a7fff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x36a8:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a80010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a80020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a80030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a80040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a80050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==21178==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1549042] Re: SEGV in MagickCore/locale.c:1417

2016-02-23 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/138



[Bug 1549042] Re: SEGV in MagickCore/locale.c:1417

2016-02-23 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000119,sig:06,src:001982,op:int32,pos:16,val:-1"
   
https://bugs.launchpad.net/bugs/1549042/+attachment/4579527/+files/id%3A000119%2Csig%3A06%2Csrc%3A001982%2Cop%3Aint32%2Cpos%3A16%2Cval%3A-1



[Bug 1549042] [NEW] SEGV in MagickCore/locale.c:1417

2016-02-23 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
5afc3a6a4c6cc8a2226bbd96ea60c80d975b56cc

Command: magick id:000119,sig:06,src:001982,op:int32,pos:16,val:-1 /dev/null

ASAN:SIGSEGV
=
==23655==ERROR: AddressSanitizer: SEGV on unknown address 0xfeff (pc 0x0808c433 sp 0xbfb18140 bp 0xbfb18188 T0)
#0 0x808c432 in __interceptor_strcasecmp (/usr/local/bin/magick+0x808c432)
#1 0x814aa4c in LocaleCompare /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/locale.c:1417
#2 0x8232e86 in CompareSplayTreeString /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:419
#3 0x823fdbe in Splay /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:1492
#4 0x823040f in SplaySplayTree /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:1583
#5 0x82351c0 in DeleteNodeFromSplayTree /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:619
#6 0x822281f in RelinquishUniqueFileResource /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/resource.c:1000
#7 0x88941e8 in RelinquishPixelCachePixels /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:886
#8 0x8893e87 in DestroyPixelCache /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:943
#9 0x8893b66 in DestroyImagePixels /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:823
#10 0x80ff39a in DestroyImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/image.c:1189
#11 0x8132efc in DeleteImageFromList /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/list.c:298
#12 0x8132efc in DestroyImageList /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/list.c:451
#13 0x8748c73 in ReadSUNImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/coders/sun.c:300
#14 0x89163de in ReadImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:494
#15 0x89181ee in ReadImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:844
#16 0x8dac5b9 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4690
#17 0x8db4aa1 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5184
#18 0x8b3f08d in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:474
#19 0x8b42405 in MagickImageCommand /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:786
#20 0x8b468e9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/mogrify.c:172
#21 0x80ddf3d in MagickMain /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:74
#22 0x80ddf3d in main /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:85
#23 0xb755aa82 in __libc_start_main /build/eglibc-617sU_/eglibc-2.19/csu/libc-start.c:287
#24 0x80ddd64 in _start (/usr/local/bin/magick+0x80ddd64)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 __interceptor_strcasecmp
==23655==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 1547287] Re: out-of-bounds read in MagickCore/xml-tree.c:1394

2016-02-18 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/135


[Bug 1547287] [NEW] out-of-bounds read in MagickCore/xml-tree.c:1394

2016-02-18 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
07b9f5ed90ce1e2d723837979446713b2159f78e

Command: magick id:000323,sig:06,src:007647,op:havoc,rep:64 /dev/null

=
==5369==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb2e03bf4 at pc 0x8399d51 bp 0xbfe950b8 sp 0xbfe950b0
READ of size 1 at 0xb2e03bf4 thread T0
#0 0x8399d50 in ParseEntities /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/xml-tree.c:1394
#1 0x838b8a4 in NewXMLTree /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/xml-tree.c:2093
#2 0x824e5f0 in GetXMPProperty /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/property.c:1661
#3 0x824e5f0 in GetImageProperty /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/property.c:2149
#4 0x828cd04 in SetImageProfileInternal /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1671
#5 0x828cb1d in GetProfilesFromResourceBlock /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1574
#6 0x828cb1d in SetImageProfileInternal /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1663
#7 0x828a72c in SetImageProfile /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1678
#8 0x85a40d4 in ReadMETAImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/coders/meta.c:1217
#9 0x8a802aa in ReadImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:494
#10 0x8a8811f in ReadImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:844
#11 0x936a649 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4680
#12 0x9372b31 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5174
#13 0x90ffc8d in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:474
#14 0x9103005 in MagickImageCommand /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:786
#15 0x91074e9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/mogrify.c:172
#16 0x80dde9d in MagickMain /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:74
#17 0x80dde9d in main /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:85
#18 0xb74baa82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#19 0x80ddcc4 in _start (/usr/local/bin/magick+0x80ddcc4)

0xb2e03bf4 is located 0 bytes to the right of 164-byte region [0xb2e03b50,0xb2e03bf4)
allocated by thread T0 here:
#0 0x80c68f1 in malloc (/usr/local/bin/magick+0x80c68f1)
#1 0x81885f9 in AcquireMagickMemory /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/memory.c:476
#2 0x81885f9 in AcquireQuantumMemory /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/memory.c:549
#3 0x828cd04 in SetImageProfileInternal /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1671
#4 0x828cb1d in GetProfilesFromResourceBlock /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1574
#5 0x828cb1d in SetImageProfileInternal /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1663
#6 0x828a72c in SetImageProfile /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/profile.c:1678
#7 0x8a802aa in ReadImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:494
#8 0x8a8811f in ReadImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:844
#9 0x936a649 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4680
#10 0x9372b31 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5174
#11 0x90ffc8d in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:474

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/xml-tree.c:1394 ParseEntities
Shadow bytes around the buggy address:
  0x365c0720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365c0730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365c0740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365c0750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365c0760: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00 00
=>0x365c0770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[04]fa
  0x365c0780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365c0790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365c07a0: fa fa fa fa fa fa fa fa 

[Bug 1547287] Re: out-of-bounds read in MagickCore/xml-tree.c:1394

2016-02-18 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000323,sig:06,src:007647,op:havoc,rep:64"
   
https://bugs.launchpad.net/bugs/1547287/+attachment/4575117/+files/id%3A000323%2Csig%3A06%2Csrc%3A007647%2Cop%3Ahavoc%2Crep%3A64


[Bug 1542107] Re: out-of-bounds write in coders/pdb.c:691

2016-02-14 Thread Moshe Kaplan
** Attachment added: "id:00,sig:06,src:00,op:flip1,pos:118"
   
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542107/+attachment/4571526/+files/id%3A00%2Csig%3A06%2Csrc%3A00%2Cop%3Aflip1%2Cpos%3A118


[Bug 1545366] Re: out-of-bounds read in ImageMagick/coders/mat.c:406

2016-02-13 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000224,sig:06,src:004192+004496,op:splice,rep:128"
   
https://bugs.launchpad.net/bugs/1545366/+attachment/4571281/+files/id%3A000224%2Csig%3A06%2Csrc%3A004192+004496%2Cop%3Asplice%2Crep%3A128


[Bug 1545366] [NEW] out-of-bounds read in ImageMagick/coders/mat.c:406

2016-02-13 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 

Command: magick id:000224,sig:06,src:004192+004496,op:splice,rep:128 /dev/null

=
==4438==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb48075b4 at pc 0x8596f01 bp 0xbfa1e608 sp 0xbfa1e600
READ of size 4 at 0xb48075b4 thread T0
#0 0x8596f00 in CalcMinMax /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/mat.c:406
#1 0x8588988 in ReadMATImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/mat.c:939
#2 0x8a60c98 in ReadImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:494
#3 0x8a68b0f in ReadImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:844
#4 0x92aee29 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4680
#5 0x92b7311 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#6 0x904447d in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:474
#7 0x90477f5 in MagickImageCommand /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:786
#8 0x904bcd9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/mogrify.c:172
#9 0x80de16d in MagickMain /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:74
#10 0x80de16d in main /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:85
#11 0xb74dda82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#12 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb48075b6 is located 0 bytes to the right of 54-byte region [0xb4807580,0xb48075b6)
allocated by thread T0 here:
#0 0x80c6bc1 in malloc (/usr/local/bin/magick+0x80c6bc1)
#1 0x81888e9 in AcquireMagickMemory /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/memory.c:475
#2 0x81888e9 in AcquireQuantumMemory /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/memory.c:548
#3 0x8a60c98 in ReadImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:494
#4 0x8a68b0f in ReadImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:844
#5 0x92aee29 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4680
#6 0x92b7311 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#7 0x904447d in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:474

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/mat.c:406 CalcMinMax
Shadow bytes around the buggy address:
  0x36900e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36900e70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36900e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36900e90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36900ea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x36900eb0: 00 00 00 00 00 00[06]fa fa fa fa fa 00 00 00 00
  0x36900ec0: 00 00 05 fa fa fa fa fa 00 00 00 00 00 00 05 fa
  0x36900ed0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
  0x36900ee0: fd fd fd fd fd fd fd fa fa fa fa fa 00 00 00 00
  0x36900ef0: 00 00 00 04 fa fa fa fa 00 00 00 00 00 00 00 04
  0x36900f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==4438==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 1545367] Re: SEGV in ImageMagick/MagickCore/locale.c:1517

2016-02-13 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/130


[Bug 1545367] [NEW] SEGV in ImageMagick/MagickCore/locale.c:1517

2016-02-13 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 

Command: magick id:000359,sig:06,src:006660,op:havoc,rep:2 /dev/null

ASAN:SIGSEGV
=
==4985==ERROR: AddressSanitizer: SEGV on unknown address 0xa13fa11c (pc 0x0808c946 sp 0xbff94780 bp 0xbff947c8 T0)
#0 0x808c945 in strncasecmp (/usr/local/bin/magick+0x808c945)
#1 0x814fe14 in LocaleNCompare /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/locale.c:1517
#2 0x82857c5 in WriteTo8BimProfile /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/profile.c:1431
#3 0x8284fac in DeleteImageProfile /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/profile.c:192
#4 0x89e9ec4 in TransformImageColorspace /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/colorspace.c:1281
#5 0x873f635 in WritePSDImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2735
#6 0x8a6b5b8 in WriteImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1091
#7 0x8a6ef9c in WriteImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1309
#8 0x92af4ff in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4714
#9 0x92b7311 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#10 0x9045373 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:526
#11 0x90477f5 in MagickImageCommand /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:786
#12 0x904bcd9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/mogrify.c:172
#13 0x80de16d in MagickMain /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:74
#14 0x80de16d in main /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:85
#15 0xb7517a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#16 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strncasecmp
==4985==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 1545367] Re: SEGV in ImageMagick/MagickCore/locale.c:1517

2016-02-13 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000359,sig:06,src:006660,op:havoc,rep:2"
   
https://bugs.launchpad.net/bugs/1545367/+attachment/4571282/+files/id%3A000359%2Csig%3A06%2Csrc%3A006660%2Cop%3Ahavoc%2Crep%3A2


[Bug 1545180] Re: out-of-bounds write in coders/psd.c:2225

2016-02-12 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/128

** Summary changed:

- out-of-bounds write in 
fuzz_results_2016_02_12/fuzzer01/crashes/id:43,sig:06,src:000224,op:flip1,pos:15'
 @ error/psd.c/ReadPSDChannelRLE/1002.
+ out-of-bounds write in coders/psd.c:2225


[Bug 1545183] Re: out-of-bounds read in ImageMagick/coders/viff.c:692:35

2016-02-12 Thread Moshe Kaplan
https://github.com/ImageMagick/ImageMagick/issues/129


[Bug 1545183] [NEW] out-of-bounds read in ImageMagick/coders/viff.c:692:35

2016-02-12 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 

Command: magick id:97,sig:06,src:000777,op:flip4,pos:520 /dev/null

=
==31884==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb2eff494 at pc 0x8863b29 bp 0xbffefea8 sp 0xbffefea0
READ of size 1 at 0xb2eff494 thread T0
#0 0x8863b28 in ReadVIFFImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/viff.c:692:35
#1 0x8a8b8d8 in ReadImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:494
#2 0x8a9374f in ReadImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:844
#3 0x93759a9 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4680
#4 0x937de91 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#5 0x910affd in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:474
#6 0x910e375 in MagickImageCommand /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:786
#7 0x9112859 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/mogrify.c:172
#8 0x80de16d in MagickMain /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:74
#9 0x80de16d in main /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:85
#10 0xb7477a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#11 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb2eff494 is located 0 bytes to the right of 1447038100-byte region [0x5cafe800,0xb2eff494)
allocated by thread T0 here:
#0 0x80c6bc1 in malloc (/usr/local/bin/magick+0x80c6bc1)
#1 0x81888e9 in AcquireMagickMemory /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/memory.c:475
#2 0x81888e9 in AcquireQuantumMemory /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/memory.c:548
#3 0x8a8b8d8 in ReadImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:494
#4 0x8a9374f in ReadImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:844
#5 0x93759a9 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4680
#6 0x937de91 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#7 0x910affd in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:474

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/viff.c:692 ReadVIFFImage
Shadow bytes around the buggy address:
  0x365dfe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x365dfe50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x365dfe60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x365dfe70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x365dfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x365dfe90: 00 00[04]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365dfea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365dfeb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365dfec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365dfed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365dfee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
==31884==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 1545180] [NEW] out-of-bounds write in coders/psd.c:2225

2016-02-12 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 

Command: magick id:43,sig:06,src:000224,op:flip1,pos:15 /dev/null

magick: InvalidLength `/home/user/Desktop/FuzzImageMagick/fuzz_results_2016_02_12/fuzzer01/crashes/id:43,sig:06,src:000224,op:flip1,pos:15' @ error/psd.c/ReadPSDChannelRLE/1002.
=
==31657==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4003bc1 at pc 0x8767a1a bp 0xbfe4ba18 sp 0xbfe4ba10
WRITE of size 1 at 0xb4003bc1 thread T0
#0 0x8767a19 in PSDPackbitsEncodeImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2225
#1 0x87648eb in WritePackbitsLength /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2289
#2 0x876123f in WriteImageChannels /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2389
#3 0x875dd8c in WritePSDImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2974
#4 0x8a961f8 in WriteImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1091
#5 0x8a99bdc in WriteImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1309
#6 0x937607f in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4714
#7 0x937de91 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#8 0x910bef3 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:526
#9 0x910e375 in MagickImageCommand /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:786
#10 0x9112859 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/mogrify.c:172
#11 0x80de16d in MagickMain /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:74
#12 0x80de16d in main /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:85
#13 0xb74dba82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#14 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb4003bc1 is located 0 bytes to the right of 257-byte region [0xb4003ac0,0xb4003bc1)
allocated by thread T0 here:
#0 0x80c6bc1 in malloc (/usr/local/bin/magick+0x80c6bc1)
#1 0x81888e9 in AcquireMagickMemory /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/memory.c:475
#2 0x81888e9 in AcquireQuantumMemory /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/memory.c:548
#3 0x875dd8c in WritePSDImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2974
#4 0x8a961f8 in WriteImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1091
#5 0x8a99bdc in WriteImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1309
#6 0x937607f in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4714
#7 0x937de91 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#8 0x910bef3 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:526

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2225 PSDPackbitsEncodeImage
Shadow bytes around the buggy address:
  0x36800720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36800730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36800740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36800750: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x36800760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x36800770: 00 00 00 00 00 00 00 00[01]fa fa fa fa fa fa fa
  0x36800780: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x36800790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x368007a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04
  0x368007b0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x368007c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==31657==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New

[Bug 1545180] Re: out-of-bounds write in fuzz_results_2016_02_12/fuzzer01/crashes/id:000043, sig:06, src:000224, op:flip1, pos:15' @ error/psd.c/ReadPSDChannelRLE/1002.

2016-02-12 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:43,sig:06,src:000224,op:flip1,pos:15"
   
https://bugs.launchpad.net/bugs/1545180/+attachment/4570514/+files/id%3A43%2Csig%3A06%2Csrc%3A000224%2Cop%3Aflip1%2Cpos%3A15


[Bug 1545183] Re: out-of-bounds read in ImageMagick/coders/viff.c:692:35

2016-02-12 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:97,sig:06,src:000777,op:flip4,pos:520"
   
https://bugs.launchpad.net/bugs/1545183/+attachment/4570516/+files/id%3A97%2Csig%3A06%2Csrc%3A000777%2Cop%3Aflip4%2Cpos%3A520


[Bug 1542785] Re: out-of-bounds write in ./MagickCore/pixel-accessor.h:839

2016-02-06 Thread Moshe Kaplan
Reported upstream at
https://github.com/ImageMagick/ImageMagick/issues/126


[Bug 1542785] Re: out-of-bounds write in ./MagickCore/pixel-accessor.h:839

2016-02-06 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000351,sig:06,src:005875,op:havoc,rep:128"
   
https://bugs.launchpad.net/bugs/1542785/+attachment/4565782/+files/id%3A000351%2Csig%3A06%2Csrc%3A005875%2Cop%3Ahavoc%2Crep%3A128


[Bug 1542785] [NEW] out-of-bounds write in ./MagickCore/pixel-accessor.h:839

2016-02-06 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit
5572ef67a81385837decff3746026b9abfd4a599


Command: magick id:000351,sig:06,src:005875,op:havoc,rep:128 /dev/null

=
==21278==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5404cc0 at pc 0x8fc9cf8 bp 0xbfd29cd8 sp 0xbfd29cd0
WRITE of size 2 at 0xb5404cc0 thread T0
#0 0x8fc9cf7 in ImportCbYCrYQuantum /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/./MagickCore/pixel-accessor.h:839
#1 0x8fc9cf7 in ImportQuantumPixels /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/quantum-import.c:4183
#2 0x84b5417 in ReadDPXImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/dpx.c:1266
#3 0x8a8b0fa in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#4 0x8a92f6f in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#5 0x9375259 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4680
#6 0x937d741 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5174
#7 0x910a89d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
#8 0x910dc15 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#9 0x91120f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#10 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#11 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#12 0xb74f9a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#13 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb5404cc0 is located 0 bytes to the right of 4032-byte region [0xb5403d00,0xb5404cc0)
allocated by thread T0 here:
#0 0x80c7061 in __interceptor_posix_memalign (/usr/local/bin/magick+0x80c7061)
#1 0x81881bf in AcquireAlignedMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:273
#2 0x89a8e5e in OpenPixelCache /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/cache.c:3402
#3 0x89b5d3f in GetImagePixelCache /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/cache.c:1583
#4 0x89c2c29 in SyncImagePixelCache /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/cache.c:5023

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/./MagickCore/pixel-accessor.h:839 ImportCbYCrYQuantum
Shadow bytes around the buggy address:
  0x36a80940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a80950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a80960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a80970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36a80980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x36a80990: 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa
  0x36a809a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a809b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a809c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a809d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36a809e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==21278==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1539061] Re: out-of-bounds write in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
** Attachment added: "id:00,sig:06,src:00,op:flip1,pos:119"
   https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539061/+attachment/4564239/+files/id%3A00%2Csig%3A06%2Csrc%3A00%2Cop%3Aflip1%2Cpos%3A119



[Bug 1537424] Re: out-of-bounds read in ./MagickCore/quantum-private.h:266

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/98



[Bug 1542107] Re: out-of-bounds write in coders/pdb.c:691

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/117



[Bug 1539050] Re: out-of-bounds write in ./MagickCore/pixel-accessor.h:766

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/102



[Bug 1542114] Re: out-of-bounds read in coders/wpg.c:342:19

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/120



[Bug 1542125] Re: SEGV in MagickCore/memory.c:974

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/123



[Bug 1542109] Re: out-of-bounds read in coders/pcx.c:536

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/118



[Bug 1542111] Re: out-of-bounds write in MagickCore/memory.c:711

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/119



[Bug 1537213] Re: out-of-bounds read in coders/hdr.c:622

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/90



[Bug 1542112] Re: out-of-bounds write in coders/pdb.c:697

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/121



[Bug 1539061] Re: out-of-bounds write in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/107



[Bug 1542115] Re: out-of-bounds read in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/122



[Bug 1539051] Re: out-of-bounds read in coders/xcf.c:381:36

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/103



[Bug 1542109] [NEW] out-of-bounds read in coders/pcx.c:536

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:000169,sig:06,src:000734+004696,op:splice,rep:128 /dev/null

=
==32731==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb3503080 at pc 0x8652c1c bp 0xbfc261a8 sp 0xbfc261a0
READ of size 1 at 0xb3503080 thread T0
#0 0x8652c1b in ReadPCXImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pcx.c:536
#1 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#2 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#3 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#4 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#5 0x910ae9d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
#6 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#7 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#8 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#9 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#10 0xb7477a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#11 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb3503080 is located 0 bytes to the right of 2048-byte region [0xb3502880,0xb3503080)
allocated by thread T0 here:
#0 0x80c7061 in __interceptor_posix_memalign (/usr/local/bin/magick+0x80c7061)
#1 0x8189123 in AcquireAlignedMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:273
#2 0x8189123 in AcquireVirtualMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:597
#3 0x864a867 in ReadPCXImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pcx.c:394
#4 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#5 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#6 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#7 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#8 0x910ae9d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pcx.c:536 ReadPCXImage
Shadow bytes around the buggy address:
  0x366a05c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x366a05d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x366a05e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x366a05f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x366a0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x366a0610:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366a0620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366a0630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366a0640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x366a0650: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x366a0660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==32731==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1542109] Re: out-of-bounds read in coders/pcx.c:536

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000169,sig:06,src:000734+004696,op:splice,rep:128"
   https://bugs.launchpad.net/bugs/1542109/+attachment/4564224/+files/id%3A000169%2Csig%3A06%2Csrc%3A000734+004696%2Cop%3Asplice%2Crep%3A128



[Bug 1539050] Re: out-of-bounds write in ./MagickCore/pixel-accessor.h:766

2016-02-04 Thread Moshe Kaplan
** Attachment added: "id:04,sig:06,src:01,op:int8,pos:864,val:+1"
   https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539050/+attachment/4564220/+files/id%3A04%2Csig%3A06%2Csrc%3A01%2Cop%3Aint8%2Cpos%3A864%2Cval%3A+1



[Bug 1542106] [NEW] out-of-bounds read in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:80,sig:06,src:000197,op:ext_AO,pos:146 /dev/null

=
==31853==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0950c4bf at pc 0x818c1eb bp 0xbff345b8 sp 0xbff345b0
READ of size 4096 at 0x0950c4bf thread T0
#0 0x818c1ea in CopyMagickMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:707:23
#1 0x888dfb8 in ExtractPostscript /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/wpg.c:787
#2 0x887f751 in ReadWPGImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/wpg.c:1077
#3 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#4 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#5 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#6 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#7 0x910ae9d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
#8 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#9 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#10 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#11 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#12 0xb744ea82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#13 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0x0950c4bf is located 33 bytes to the left of global variable '.str2' from 'MagickCore/magick.c' (0x950c4e0) of size 34
  '.str2' is ascii string 'name != (const char *) ((void*)0)'
0x0950c4bf is located 23 bytes to the right of global variable '__PRETTY_FUNCTION__.AcquireMagickInfo' from 'MagickCore/magick.c' (0x950c460) of size 72
  '__PRETTY_FUNCTION__.AcquireMagickInfo' is ascii string 'MagickInfo *AcquireMagickInfo(const char *, const char *, const char *)'
SUMMARY: AddressSanitizer: global-buffer-overflow /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:707 CopyMagickMemory
Shadow bytes around the buggy address:
  0x212a1840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x212a1850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x212a1860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x212a1870: 00 00 00 00 00 00 00 00 00 00 00 00 04 f9 f9 f9
  0x212a1880: f9 f9 f9 f9 00 00 04 f9 f9 f9 f9 f9 00 00 00 00
=>0x212a1890: 00 00 00 00 00 f9 f9[f9]f9 f9 f9 f9 00 00 00 00
  0x212a18a0: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 01 f9 f9
  0x212a18b0: f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9 03 f9 f9 f9
  0x212a18c0: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x212a18d0: f9 f9 f9 f9 00 00 00 00 00 01 f9 f9 f9 f9 f9 f9
  0x212a18e0: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==31853==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1542106] Re: out-of-bounds read in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:80,sig:06,src:000197,op:ext_AO,pos:146"
   https://bugs.launchpad.net/bugs/1542106/+attachment/4564221/+files/id%3A80%2Csig%3A06%2Csrc%3A000197%2Cop%3Aext_AO%2Cpos%3A146



[Bug 1539050] Re: out-of-bounds write in ./MagickCore/pixel-accessor.h:766

2016-02-04 Thread Moshe Kaplan
** Attachment added: "id:81,sig:06,src:000197,op:ext_AO,pos:686"
   https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539050/+attachment/4564222/+files/id%3A81%2Csig%3A06%2Csrc%3A000197%2Cop%3Aext_AO%2Cpos%3A686



[Bug 1542107] Re: out-of-bounds write in coders/pdb.c:691

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000102,sig:06,src:000277,op:int16,pos:140,val:+1024"
   https://bugs.launchpad.net/bugs/1542107/+attachment/4564223/+files/id%3A000102%2Csig%3A06%2Csrc%3A000277%2Cop%3Aint16%2Cpos%3A140%2Cval%3A+1024



[Bug 1542107] [NEW] out-of-bounds write in coders/pdb.c:691

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:000102,sig:06,src:000277,op:int16,pos:140,val:+1024 /dev/null

=
==31973==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4201d80 at pc 0x866c0e6 bp 0xbfd4db78 sp 0xbfd4db70
WRITE of size 1 at 0xb4201d80 thread T0
#0 0x866c0e5 in EncodeRLE /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:691
#1 0x866c0e5 in WritePDBImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:884
#2 0x8a95688 in WriteImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1091
#3 0x8a9906c in WriteImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1309
#4 0x93762df in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4719
#5 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#6 0x910bd93 in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:526
#7 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#8 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#9 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#10 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#11 0xb74d3a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#12 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb4201d80 is located 0 bytes to the right of 96-byte region [0xb4201d20,0xb4201d80)
allocated by thread T0 here:
#0 0x80c6bc1 in malloc (/usr/local/bin/magick+0x80c6bc1)
#1 0x81889a9 in AcquireMagickMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:475
#2 0x81889a9 in AcquireQuantumMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:548
#3 0x8a95688 in WriteImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1091
#4 0x8a9906c in WriteImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1309
#5 0x93762df in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4719
#6 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#7 0x910bd93 in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:526

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:691 EncodeRLE
Shadow bytes around the buggy address:
  0x36840360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36840370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36840380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36840390: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x368403a0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x368403b0:[fa]fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x368403c0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x368403d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x368403e0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x368403f0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x36840400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==31973==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1542114] Re: out-of-bounds read in coders/wpg.c:342:19

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000338,sig:06,src:005458,op:havoc,rep:8"
   https://bugs.launchpad.net/bugs/1542114/+attachment/4564234/+files/id%3A000338%2Csig%3A06%2Csrc%3A005458%2Cop%3Ahavoc%2Crep%3A8



[Bug 1542114] [NEW] out-of-bounds read in coders/wpg.c:342:19

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:000338,sig:06,src:005458,op:havoc,rep:8 /dev/null

=
==1020==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e108eb at pc 0x889da35 bp 0xbffa92f8 sp 0xbffa92f0
READ of size 1 at 0xb5e108eb thread T0
#0 0x889da34 in InsertRow /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/wpg.c:342:19
#1 0x8886e51 in ReadWPGImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/wpg.c:1341
#2 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#3 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#4 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#5 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#6 0x910ae9d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
#7 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#8 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#9 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#10 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#11 0xb7525a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#12 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb5e108eb is located 0 bytes to the right of 27-byte region [0xb5e108d0,0xb5e108eb)
allocated by thread T0 here:
#0 0x80c6bc1 in malloc (/usr/local/bin/magick+0x80c6bc1)
#1 0x81889a9 in AcquireMagickMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:475
#2 0x81889a9 in AcquireQuantumMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:548
#3 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#4 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#5 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#6 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#7 0x910ae9d in ProcessCommandOptions 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474

SUMMARY: AddressSanitizer: heap-buffer-overflow 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/wpg.c:342 
InsertRow
Shadow bytes around the buggy address:
  0x36bc20c0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x36bc20d0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x36bc20e0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x36bc20f0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x36bc2100: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
=>0x36bc2110: fd fd fa fa fd fd fd fd fa fa 00 00 00[03]fa fa
  0x36bc2120: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x36bc2130: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x36bc2140: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x36bc2150: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x36bc2160: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==1020==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1542114


[Bug 1542115] [NEW] out-of-bounds read in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:000346,sig:06,src:005762,op:havoc,rep:32 /dev/null

=
==1064==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0950b2e4 
at pc 0x80b2b26 bp 0xbfcdd908 sp 0xbfcdd4ec
READ of size 4096 at 0x0950b2e4 thread T0
#0 0x80b2b25 in memcpy (/usr/local/bin/magick+0x80b2b25)
#1 0x818b8fd in CopyMagickMemory 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:707:23
#2 0x888dfb8 in ExtractPostscript 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/wpg.c:787
#3 0x887f751 in ReadWPGImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/wpg.c:1077
#4 0x8a8ad6a in ReadImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#5 0x8a92bdf in ReadImages 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#6 0x9375c09 in CLINoImageOperator 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#7 0x937e0f1 in CLIOption 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#8 0x910ae9d in ProcessCommandOptions 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
#9 0x910e215 in MagickImageCommand 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#10 0x91126f9 in MagickCommandGenesis 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#11 0x80de16d in MagickMain 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#12 0x80de16d in main 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#13 0xb74c5a82 in __libc_start_main 
/build/buildd/eglibc-2.19/csu/libc-start.c:287
#14 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0x0950b2e4 is located 60 bytes to the left of global variable '.str185' from 
'MagickCore/magic.c' (0x950b320) of size 6
0x0950b2e4 is located 0 bytes to the right of global variable '.str184' from 
'MagickCore/magic.c' (0x950b2e0) of size 4
  '.str184' is ascii string 'TTF'
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 memcpy
Shadow bytes around the buggy address:
  0x212a1600: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x212a1610: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x212a1620: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x212a1630: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x212a1640: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 01 f9 f9
=>0x212a1650: f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9[04]f9 f9 f9
  0x212a1660: f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
  0x212a1670: f9 f9 f9 f9 00 00 00 00 01 f9 f9 f9 f9 f9 f9 f9
  0x212a1680: 06 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x212a1690: 07 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
  0x212a16a0: 03 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==1064==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1542115


[Bug 1542115] Re: out-of-bounds read in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000346,sig:06,src:005762,op:havoc,rep:32"
   
https://bugs.launchpad.net/bugs/1542115/+attachment/4564235/+files/id%3A000346%2Csig%3A06%2Csrc%3A005762%2Cop%3Ahavoc%2Crep%3A32

https://bugs.launchpad.net/bugs/1542115


[Bug 1533442] Re: out-of-bounds read in coders/psd.c:797 ReadPSDChannelPixels

2016-02-04 Thread Moshe Kaplan
This bug appears to have been resolved upstream

https://bugs.launchpad.net/bugs/1533442


[Bug 1533451] Re: out-of-bounds read in MagickCore/pixel-accessor.h:778 SetPixelViaPixelInfo

2016-02-04 Thread Moshe Kaplan
Resolved upstream

https://bugs.launchpad.net/bugs/1533451


[Bug 1537419] Re: out-of-bounds read in MagickCore/locale.c:1517

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/93

https://bugs.launchpad.net/bugs/1537419


[Bug 1537417] Re: out-of-bounds read in coders/sun.c:173

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/91

https://bugs.launchpad.net/bugs/1537417


[Bug 1533445] Re: out-of-bounds read in coders/rle.c:590 ReadRLEImage

2016-02-04 Thread Moshe Kaplan
Resolved upstream

https://bugs.launchpad.net/bugs/1533445


[Bug 1537420] Re: out-of-bounds read in coders/meta.c:496

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/94

https://bugs.launchpad.net/bugs/1537420


[Bug 1537423] Re: out-of-bounds read in ./MagickCore/pixel-accessor.h:234

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/97

https://bugs.launchpad.net/bugs/1537423


[Bug 1539067] Re: SIGFPE, Arithmetic exception in MagickCore/quantum.c:687

2016-02-04 Thread Moshe Kaplan
Reported upstream at:
https://github.com/ImageMagick/ImageMagick/issues/110

https://bugs.launchpad.net/bugs/1539067


[Bug 1537421] Re: out-of-bounds read in coders/sun.c:175

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/95

https://bugs.launchpad.net/bugs/1537421


[Bug 1539065] Re: out-of-bounds read in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/108

https://bugs.launchpad.net/bugs/1539065


[Bug 1537422] Re: out-of-bounds read in coders/meta.c:465

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/96

https://bugs.launchpad.net/bugs/1537422


[Bug 1539052] Re: out-of-bounds read in coders/xcf.c:369:35

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/104

https://bugs.launchpad.net/bugs/1539052


[Bug 1533447] Re: out-of-bounds read in coders/sun.c:499 ReadSUNImage

2016-02-04 Thread Moshe Kaplan
Resolved upstream

https://bugs.launchpad.net/bugs/1533447


[Bug 1537418] Re: out-of-bounds read in coders/psd.c:524

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/92

https://bugs.launchpad.net/bugs/1537418


[Bug 1533452] Re: out-of-bounds read in coders/viff.c:445 ReadVIFFImage

2016-02-04 Thread Moshe Kaplan
Resolved upstream

https://bugs.launchpad.net/bugs/1533452


[Bug 1539059] Re: out-of-bounds read in MagickCore/memory.c:707:23

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/106

https://bugs.launchpad.net/bugs/1539059


[Bug 1539053] Re: out-of-bounds write in ./MagickCore/quantum-private.h:178

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/105

https://bugs.launchpad.net/bugs/1539053


[Bug 1539066] Re: out-of-bounds read in MagickCore/memory.c:718:10

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/109

https://bugs.launchpad.net/bugs/1539066


[Bug 1537425] Re: SEGV in coders/viff.c:692:35

2016-02-04 Thread Moshe Kaplan
Reported and fixed upstream at:
https://github.com/ImageMagick/ImageMagick/issues/99

https://bugs.launchpad.net/bugs/1537425


[Bug 1542125] [NEW] SEGV in MagickCore/memory.c:974

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:04,sig:06,src:00,op:int32,pos:16,val:-1
/dev/null

ASAN:SIGSEGV
=
==18636==ERROR: AddressSanitizer: SEGV on unknown address 0x00ecfeef (pc 
0x080839f2 sp 0xbfd20580 bp 0xbfd20610 T0)
#0 0x80839f1 in __asan::Deallocate(void*, __sanitizer::StackTrace*, 
__asan::AllocType) (/usr/local/bin/magick+0x80839f1)
#1 0x80839a3 in __asan::asan_free(void*, __sanitizer::StackTrace*, 
__asan::AllocType) (/usr/local/bin/magick+0x80839a3)
#2 0x80c6a61 in __interceptor_free (/usr/local/bin/magick+0x80c6a61)
#3 0x818d2e8 in RelinquishMagickMemory 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:974
#4 0x82c0fc6 in DestroySplayTree 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/splay-tree.c:695
#5 0x819ce1f in DestroyImageOptions 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/option.c:1954
#6 0x8105132 in DestroyImageInfo 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1277
#7 0x80ffe67 in DestroyImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1213
#8 0x813321c in DeleteImageFromList 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:298
#9 0x813321c in DestroyImageList 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:451
#10 0x87f79b3 in ReadSUNImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/sun.c:300
#11 0x8a8ad6a in ReadImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#12 0x8a92bdf in ReadImages 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#13 0x9375c09 in CLINoImageOperator 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#14 0x937e0f1 in CLIOption 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#15 0x910ae9d in ProcessCommandOptions 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
#16 0x910e215 in MagickImageCommand 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#17 0x91126f9 in MagickCommandGenesis 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#18 0x80de16d in MagickMain 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#19 0x80de16d in main 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#20 0xb7475a82 in __libc_start_main 
/build/buildd/eglibc-2.19/csu/libc-start.c:287
#21 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 __asan::Deallocate(void*, 
__sanitizer::StackTrace*, __asan::AllocType)
==18636==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1542125


[Bug 1542125] Re: SEGV in MagickCore/memory.c:974

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:04,sig:06,src:00,op:int32,pos:16,val:-1"
   
https://bugs.launchpad.net/bugs/1542125/+attachment/4564240/+files/id%3A04%2Csig%3A06%2Csrc%3A00%2Cop%3Aint32%2Cpos%3A16%2Cval%3A-1

https://bugs.launchpad.net/bugs/1542125


[Bug 1533450] Re: out-of-bounds write in coders/psd.c:2240 PSDPackbitsEncodeImage

2016-02-04 Thread Moshe Kaplan
Resolved upstream

https://bugs.launchpad.net/bugs/1533450


[Bug 1533449] Re: out-of-bounds read in coders/pict.c:633 EncodeImage

2016-02-04 Thread Moshe Kaplan
Resolved upstream

https://bugs.launchpad.net/bugs/1533449


[Bug 1542111] [NEW] out-of-bounds write in MagickCore/memory.c:711

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:000203,sig:06,src:001740,op:havoc,rep:4 /dev/null

=
==417==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4101e80 at 
pc 0x818c2ab bp 0xbf96e128 sp 0xbf96e120
WRITE of size 1 at 0xb4101e80 thread T0
#0 0x818c2aa in CopyMagickMemory 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:711
#1 0x8669895 in EncodeRLE 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:692
#2 0x8669895 in WritePDBImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:884
#3 0x8a95688 in WriteImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1091
#4 0x8a9906c in WriteImages 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1309
#5 0x93762df in CLINoImageOperator 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4719
#6 0x937e0f1 in CLIOption 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#7 0x910bd93 in ProcessCommandOptions 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:526
#8 0x910e215 in MagickImageCommand 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#9 0x91126f9 in MagickCommandGenesis 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#10 0x80de16d in MagickMain 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#11 0x80de16d in main 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#12 0xb7455a82 in __libc_start_main 
/build/buildd/eglibc-2.19/csu/libc-start.c:287
#13 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb4101e80 is located 0 bytes to the right of 96-byte region 
[0xb4101e20,0xb4101e80)
allocated by thread T0 here:
#0 0x80c6bc1 in malloc (/usr/local/bin/magick+0x80c6bc1)
#1 0x81889a9 in AcquireMagickMemory 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:475
#2 0x81889a9 in AcquireQuantumMemory 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:548
#3 0x8a95688 in WriteImage 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1091
#4 0x8a9906c in WriteImages 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1309
#5 0x93762df in CLINoImageOperator 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4719
#6 0x937e0f1 in CLIOption 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#7 0x910bd93 in ProcessCommandOptions 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:526

SUMMARY: AddressSanitizer: heap-buffer-overflow 
/home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:711 
CopyMagickMemory
Shadow bytes around the buggy address:
  0x36820380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36820390: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x368203a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x368203b0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x368203c0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x368203d0:[fa]fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x368203e0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x368203f0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x36820400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36820410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36820420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone: fa
  Heap right redzone:fb
  Freed heap region: fd
  Stack left redzone:f1
  Stack mid redzone: f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:f5
  Stack use after scope: f8
  Global redzone:f9
  Global init order: f6
  Poisoned by user:  f7
  ASan internal: fe
==417==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1542111


[Bug 1542112] [NEW] out-of-bounds write in coders/pdb.c:697

2016-02-04 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit %s

Command: magick id:000248,sig:06,src:003373,op:havoc,rep:8 /dev/null

=================================================================
==607==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5b07113 at pc 0x866c784 bp 0xbf92de28 sp 0xbf92de20
WRITE of size 1 at 0xb5b07113 thread T0
    #0 0x866c783 in EncodeRLE /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:697
    #1 0x866c783 in WritePDBImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:906
    #2 0x8a95688 in WriteImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1091
    #3 0x8a9906c in WriteImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1309
    #4 0x93762df in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4719
    #5 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
    #6 0x910bd93 in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:526
    #7 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
    #8 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
    #9 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
    #10 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
    #11 0xb7490a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #12 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)

0xb5b07113 is located 0 bytes to the right of 3-byte region [0xb5b07110,0xb5b07113)
allocated by thread T0 here:
    #0 0x80c6bc1 in malloc (/usr/local/bin/magick+0x80c6bc1)
    #1 0x81889a9 in AcquireMagickMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:475
    #2 0x81889a9 in AcquireQuantumMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:548
    #3 0x8a95688 in WriteImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1091
    #4 0x8a9906c in WriteImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:1309
    #5 0x93762df in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4719
    #6 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
    #7 0x910bd93 in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:526

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/pdb.c:697 EncodeRLE
Shadow bytes around the buggy address:
  0x36b60dd0: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x36b60de0: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x36b60df0: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x36b60e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36b60e10: fa fa fa fa fa fa fa fa fa fa 04 fa fa fa 02 fa
=>0x36b60e20: fa fa[03]fa fa fa 00 00 fa fa 00 04 fa fa 00 00
  0x36b60e30: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa 00 04
  0x36b60e40: fa fa 00 04 fa fa 00 07 fa fa fd fd fa fa fd fd
  0x36b60e50: fa fa 00 fa fa fa fd fd fa fa fd fd fa fa 00 fa
  0x36b60e60: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x36b60e70: fa fa 00 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  ASan internal:           fe
==607==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1542112] Re: out-of-bounds write in coders/pdb.c:697

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000248,sig:06,src:003373,op:havoc,rep:8"
   
https://bugs.launchpad.net/bugs/1542112/+attachment/4564233/+files/id%3A000248%2Csig%3A06%2Csrc%3A003373%2Cop%3Ahavoc%2Crep%3A8



[Bug 1542111] Re: out-of-bounds write in MagickCore/memory.c:711

2016-02-04 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000203,sig:06,src:001740,op:havoc,rep:4"
   
https://bugs.launchpad.net/bugs/1542111/+attachment/4564232/+files/id%3A000203%2Csig%3A06%2Csrc%3A001740%2Cop%3Ahavoc%2Crep%3A4



[Bug 1539059] Re: out-of-bounds read in MagickCore/memory.c:707:23

2016-01-28 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000114,sig:06,src:000277,op:havoc,rep:2"
   
https://bugs.launchpad.net/bugs/1539059/+attachment/4558291/+files/id%3A000114%2Csig%3A06%2Csrc%3A000277%2Cop%3Ahavoc%2Crep%3A2



[Bug 1539061] [NEW] out-of-bounds write in MagickCore/memory.c:707:23

2016-01-28 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 8bc3ab67d818204fe5f0fe1dc29b873d37360461

Command: magick id:000122,sig:06,src:000277,op:havoc,rep:8 /dev/null

=================================================================
==13156==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb2f0300e at pc 0x8196b43 bp 0xbf95b7c8 sp 0xbf95b7c0
WRITE of size 28 at 0xb2f0300e thread T0
    #0 0x8196b42 in CopyMagickMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:707:23
    #1 0x86740c7 in EncodeRLE /home/user/Desktop/ImageMagick/coders/pdb.c:692
    #2 0x86740c7 in WritePDBImage /home/user/Desktop/ImageMagick/coders/pdb.c:906
    #3 0x8a9e9d8 in WriteImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1091
    #4 0x8aa23bc in WriteImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1309
    #5 0x9371daf in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4697
    #6 0x9379bc1 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5157
    #7 0x91080c3 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:526
    #8 0x910a545 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:786
    #9 0x910ea29 in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:172
    #10 0x80de12d in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:74
    #11 0x80de12d in main /home/user/Desktop/ImageMagick/utilities/magick.c:85
    #12 0xb74a1a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #13 0x80ddf54 in _start (/usr/local/bin/magick+0x80ddf54)

0xb2f0300e is located 14 bytes to the right of 128-byte region [0xb2f02f80,0xb2f03000)
allocated by thread T0 here:
    #0 0x80c6b81 in malloc (/usr/local/bin/magick+0x80c6b81)
    #1 0x8193319 in AcquireMagickMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:475
    #2 0x8193319 in AcquireQuantumMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:548
    #3 0x8a9e9d8 in WriteImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1091
    #4 0x8aa23bc in WriteImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1309
    #5 0x9371daf in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4697
    #6 0x9379bc1 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5157
    #7 0x91080c3 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:526

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/ImageMagick/MagickCore/memory.c:707 CopyMagickMemory
Shadow bytes around the buggy address:
  0x365e05b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e05c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e05d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e05e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e05f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x365e0600: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e0610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e0620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e0630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e0640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x365e0650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  ASan internal:           fe
==13156==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1539059] [NEW] out-of-bounds read in MagickCore/memory.c:707:23

2016-01-28 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 8bc3ab67d818204fe5f0fe1dc29b873d37360461

Command: magick id:000114,sig:06,src:000277,op:havoc,rep:2 /dev/null

=================================================================
==13122==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5f0ac8c at pc 0x8196b5b bp 0xbf86ba88 sp 0xbf86ba80
READ of size 128 at 0xb5f0ac8c thread T0
    #0 0x8196b5a in CopyMagickMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:707:23
    #1 0x8672c7b in WritePDBImage /home/user/Desktop/ImageMagick/coders/pdb.c:893
    #2 0x8a9e9d8 in WriteImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1091
    #3 0x8aa23bc in WriteImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1309
    #4 0x9371daf in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4697
    #5 0x9379bc1 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5157
    #6 0x91080c3 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:526
    #7 0x910a545 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:786
    #8 0x910ea29 in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:172
    #9 0x80de12d in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:74
    #10 0x80de12d in main /home/user/Desktop/ImageMagick/utilities/magick.c:85
    #11 0xb749fa82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #12 0x80ddf54 in _start (/usr/local/bin/magick+0x80ddf54)

0xb5f0ac8c is located 12 bytes to the right of 256-byte region [0xb5f0ab80,0xb5f0ac80)
allocated by thread T0 here:
    #0 0x80c6b81 in malloc (/usr/local/bin/magick+0x80c6b81)
    #1 0x8193319 in AcquireMagickMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:475
    #2 0x8193319 in AcquireQuantumMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:548
    #3 0x8a9e9d8 in WriteImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1091
    #4 0x8aa23bc in WriteImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:1309
    #5 0x9371daf in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4697
    #6 0x9379bc1 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5157
    #7 0x91080c3 in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:526

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/ImageMagick/MagickCore/memory.c:707 CopyMagickMemory
Shadow bytes around the buggy address:
  0x36be1540: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be1550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be1560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be1570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36be1580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x36be1590: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be15a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be15b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36be15c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36be15d0: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x36be15e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  ASan internal:           fe
==13122==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1539061] Re: out-of-bounds write in MagickCore/memory.c:707:23

2016-01-28 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:000122,sig:06,src:000277,op:havoc,rep:8"
   
https://bugs.launchpad.net/bugs/1539061/+attachment/4558292/+files/id%3A000122%2Csig%3A06%2Csrc%3A000277%2Cop%3Ahavoc%2Crep%3A8



[Bug 1539067] Re: SIGFPE, Arithmetic exception in MagickCore/quantum.c:687

2016-01-28 Thread Moshe Kaplan
** Attachment added: "id:000186,sig:06,src:003522,op:havoc,rep:32"
   
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539067/+attachment/4558295/+files/id%3A000186%2Csig%3A06%2Csrc%3A003522%2Cop%3Ahavoc%2Crep%3A32



[Bug 1539067] [NEW] SIGFPE, Arithmetic exception in MagickCore/quantum.c:687

2016-01-28 Thread Moshe Kaplan
Public bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 8bc3ab67d818204fe5f0fe1dc29b873d37360461

Command: magick id:000186,sig:06,src:003522,op:havoc,rep:32 /dev/null


Stack trace:

#0  0x08def18e in SetQuantumDepth (image=, 
quantum_info=0xb4a01f20, depth=) at MagickCore/quantum.c:687
#1  0x08dec999 in AcquireQuantumInfo (image_info=, 
image=) at MagickCore/quantum.c:125
#2  0x084e5144 in WriteFITSImage (image_info=0xb5432200, image=0xb4407100, 
exception=) at coders/fits.c:663
#3  0x08a9e9d9 in WriteImage (image_info=, image=, exception=) at MagickCore/constitute.c:1091
#4  0x08aa23bd in WriteImages (image_info=, images=, filename=, exception=)
at MagickCore/constitute.c:1309
#5  0x09371db0 in CLINoImageOperator (cli_wand=, 
option=, arg1n=, arg2n=)
at MagickWand/operation.c:4697
#6  0x09379bc2 in CLIOption (cli_wand=0xb5c00100, option=) at 
MagickWand/operation.c:5157
#7  0x091080c4 in ProcessCommandOptions (cli_wand=0xb5c00100, argc=3, 
argv=, index=)
at MagickWand/magick-cli.c:526
#8  0x0910a546 in MagickImageCommand (image_info=, 
argc=, argv=0xb0c4, metadata=, 
exception=0x2000) at MagickWand/magick-cli.c:786
#9  0x0910ea2a in MagickCommandGenesis (image_info=, 
command=, argc=, argv=, 
metadata=, exception=) at 
MagickWand/mogrify.c:172
#10 0x080de12e in MagickMain (argc=3, argv=0xb0c4) at utilities/magick.c:74
#11 main (argc=, argv=) at utilities/magick.c:85

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1539050] Re: out-of-bounds write in ./MagickCore/pixel-accessor.h:766

2016-01-28 Thread Moshe Kaplan
input file to trigger crash

** Attachment added: "id:02,sig:06,src:01,op:flip1,pos:866"
   
https://bugs.launchpad.net/bugs/1539050/+attachment/4558287/+files/id%3A02%2Csig%3A06%2Csrc%3A01%2Cop%3Aflip1%2Cpos%3A866



[Bug 1539050] [NEW] out-of-bounds write in ./MagickCore/pixel-accessor.h:766

2016-01-28 Thread Moshe Kaplan
*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz

Tested on ImageMagick git commit 8bc3ab67d818204fe5f0fe1dc29b873d37360461

Command: magick id:02,sig:06,src:01,op:flip1,pos:866 /dev/null

=================================================================
==12486==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb3106606 at pc 0x88a4fda bp 0xbfdb0448 sp 0xbfdb0440
WRITE of size 2 at 0xb3106606 thread T0
    #0 0x88a4fd9 in InsertRow /home/user/Desktop/ImageMagick/./MagickCore/pixel-accessor.h:766
    #1 0x888ace3 in UnpackWPGRaster /home/user/Desktop/ImageMagick/coders/wpg.c:486
    #2 0x888ace3 in ReadWPGImage /home/user/Desktop/ImageMagick/coders/wpg.c:1154
    #3 0x8a940ba in ReadImage /home/user/Desktop/ImageMagick/MagickCore/constitute.c:494
    #4 0x8a9bf2f in ReadImages /home/user/Desktop/ImageMagick/MagickCore/constitute.c:844
    #5 0x93716d9 in CLINoImageOperator /home/user/Desktop/ImageMagick/MagickWand/operation.c:4663
    #6 0x9379bc1 in CLIOption /home/user/Desktop/ImageMagick/MagickWand/operation.c:5157
    #7 0x91071cd in ProcessCommandOptions /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:474
    #8 0x910a545 in MagickImageCommand /home/user/Desktop/ImageMagick/MagickWand/magick-cli.c:786
    #9 0x910ea29 in MagickCommandGenesis /home/user/Desktop/ImageMagick/MagickWand/mogrify.c:172
    #10 0x80de12d in MagickMain /home/user/Desktop/ImageMagick/utilities/magick.c:74
    #11 0x80de12d in main /home/user/Desktop/ImageMagick/utilities/magick.c:85
    #12 0xb745aa82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #13 0x80ddf54 in _start (/usr/local/bin/magick+0x80ddf54)

0xb3106606 is located 6 bytes to the right of 25600-byte region [0xb3100200,0xb3106600)
allocated by thread T0 here:
    #0 0x80c7021 in __interceptor_posix_memalign (/usr/local/bin/magick+0x80c7021)
    #1 0x8192c0f in AcquireAlignedMemory /home/user/Desktop/ImageMagick/MagickCore/memory.c:273
    #2 0x89b1f8e in OpenPixelCache /home/user/Desktop/ImageMagick/MagickCore/cache.c:3402
    #3 0x89bee6c in GetImagePixelCache /home/user/Desktop/ImageMagick/MagickCore/cache.c:1583
    #4 0x8982d3d in QueueAuthenticPixelCacheNexus /home/user/Desktop/ImageMagick/MagickCore/cache.c:3800
    #5 0x89c08b9 in QueueAuthenticPixels /home/user/Desktop/ImageMagick/MagickCore/cache.c:3970

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/ImageMagick/./MagickCore/pixel-accessor.h:766 InsertRow
Shadow bytes around the buggy address:
  0x36620c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36620c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36620c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36620ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x36620cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x36620cc0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36620cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36620ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36620cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36620d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36620d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  ASan internal:           fe
==12486==ABORTING

** Affects: imagemagick (Ubuntu)
 Importance: Undecided
 Status: New


