*** This bug is a security vulnerability ***
Public security bug reported:
This bug was found while fuzzing ImageMagick with afl-fuzz
Tested on ImageMagick git commit %s
Command: magick id:000004,sig:06,src:000000,op:int32,pos:16,val:-1 /dev/null
ASAN:SIGSEGV
=================================================================
==18636==ERROR: AddressSanitizer: SEGV on unknown address 0x00ecfeef (pc 0x080839f2 sp 0xbfd20580 bp 0xbfd20610 T0)
#0 0x80839f1 in __asan::Deallocate(void*, __sanitizer::StackTrace*, __asan::AllocType) (/usr/local/bin/magick+0x80839f1)
#1 0x80839a3 in __asan::asan_free(void*, __sanitizer::StackTrace*, __asan::AllocType) (/usr/local/bin/magick+0x80839a3)
#2 0x80c6a61 in __interceptor_free (/usr/local/bin/magick+0x80c6a61)
#3 0x818d2e8 in RelinquishMagickMemory /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/memory.c:974
#4 0x82c0fc6 in DestroySplayTree /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/splay-tree.c:695
#5 0x819ce1f in DestroyImageOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/option.c:1954
#6 0x8105132 in DestroyImageInfo /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1277
#7 0x80ffe67 in DestroyImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/image.c:1213
#8 0x813321c in DeleteImageFromList /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:298
#9 0x813321c in DestroyImageList /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/list.c:451
#10 0x87f79b3 in ReadSUNImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/coders/sun.c:300
#11 0x8a8ad6a in ReadImage /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:494
#12 0x8a92bdf in ReadImages /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickCore/constitute.c:844
#13 0x9375c09 in CLINoImageOperator /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:4685
#14 0x937e0f1 in CLIOption /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/operation.c:5179
#15 0x910ae9d in ProcessCommandOptions /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:474
#16 0x910e215 in MagickImageCommand /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/magick-cli.c:786
#17 0x91126f9 in MagickCommandGenesis /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/MagickWand/mogrify.c:172
#18 0x80de16d in MagickMain /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:74
#19 0x80de16d in main /home/user/Desktop/imagemagick_fuzz_results/ImageMagick/utilities/magick.c:85
#20 0xb7475a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#21 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 __asan::Deallocate(void*, __sanitizer::StackTrace*, __asan::AllocType)
==18636==ABORTING
** Affects: imagemagick (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1542125
Title:
SEGV in MagickCore/memory.c:974
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542125/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs