*** This bug is a security vulnerability ***

Public security bug reported:

This bug was found while fuzzing ImageMagick with afl-fuzz.

Tested on ImageMagick git commit 5afc3a6a4c6cc8a2226bbd96ea60c80d975b56cc

Command: magick id:000119,sig:06,src:001982,op:int32,pos:16,val:-1 /dev/null

ASAN:SIGSEGV
=================================================================
==23655==ERROR: AddressSanitizer: SEGV on unknown address 0xfeffffff (pc 0x0808c433 sp 0xbfb18140 bp 0xbfb18188 T0)
    #0 0x808c432 in __interceptor_strcasecmp (/usr/local/bin/magick+0x808c432)
    #1 0x814aa4c in LocaleCompare /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/locale.c:1417
    #2 0x8232e86 in CompareSplayTreeString /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:419
    #3 0x823fdbe in Splay /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:1492
    #4 0x823040f in SplaySplayTree /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:1583
    #5 0x82351c0 in DeleteNodeFromSplayTree /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/splay-tree.c:619
    #6 0x822281f in RelinquishUniqueFileResource /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/resource.c:1000
    #7 0x88941e8 in RelinquishPixelCachePixels /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:886
    #8 0x8893e87 in DestroyPixelCache /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:943
    #9 0x8893b66 in DestroyImagePixels /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/cache.c:823
    #10 0x80ff39a in DestroyImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/image.c:1189
    #11 0x8132efc in DeleteImageFromList /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/list.c:298
    #12 0x8132efc in DestroyImageList /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/list.c:451
    #13 0x8748c73 in ReadSUNImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/coders/sun.c:300
    #14 0x89163de in ReadImage /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:494
    #15 0x89181ee in ReadImages /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickCore/constitute.c:844
    #16 0x8dac5b9 in CLINoImageOperator /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:4690
    #17 0x8db4aa1 in CLIOption /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/operation.c:5184
    #18 0x8b3f08d in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:474
    #19 0x8b42405 in MagickImageCommand /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/magick-cli.c:786
    #20 0x8b468e9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick-master/ImageMagick/MagickWand/mogrify.c:172
    #21 0x80ddf3d in MagickMain /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:74
    #22 0x80ddf3d in main /home/user/Desktop/FuzzImageMagick-master/ImageMagick/utilities/magick.c:85
    #23 0xb755aa82 in __libc_start_main /build/eglibc-617sU_/eglibc-2.19/csu/libc-start.c:287
    #24 0x80ddd64 in _start (/usr/local/bin/magick+0x80ddd64)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 __interceptor_strcasecmp
==23655==ABORTING

** Affects: imagemagick (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549042

Title:
  SEGV in MagickCore/locale.c:1417

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs