exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ImageMagick Out-Of-Bounds Read / Heap Overflow

ImageMagick Out-Of-Bounds Read / Heap Overflow
Posted Nov 4, 2014
Authored by Hanno Boeck | Site hboeck.de

ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.

tags | advisory, overflow
advisories | CVE-2014-8354, CVE-2014-8355, CVE-2014-8561, CVE-2014-8562
SHA-256 | f7f73acba950fe2fcdd7e2d0fba2650f734595e55003788431688a9c2e9377d9

ImageMagick Out-Of-Bounds Read / Heap Overflow

Change Mirror Download
Found this with the help of fuzzing / address sanitizer.
Nothing to worry about too much, unlikely to cause any severe issues,
but it's interesting how many issues there are that can be trivially
found via fuzzing.
Please note also that imagemagick 6.8.9-9 fixes another issue that got
CVE-2014-8561:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764872




CVE-2014-8354: ImageMagick - Out-of-bounds read / heap overflow in
resize code

Description
===========

ImageMagick is vulnerable to an out of bounds read / heap overflow in
the function HorizontalFilter() in the file resize.c. It is triggered
if an image has dimensions 0x0. The issue has been found with the help
of Address Sanitizer and the fuzzing tool zzuf.

Solution
========

ImageMagick has released version 6.8.9-9 which fixes this and some
other out-of-bounds issues. GraphicsMagick, which is a fork of
ImageMagick, is not affected.

Timeline
========

2014-10-21: Discovery, informed upstream developers
2014-10-21: Patch in upstream SVN
2014-10-25: Upstream released 6.8.9-9 with fix

References
==========

http://trac.imagemagick.org/changeset/16765
Patch / upstream commit

http://www.imagemagick.org/script/changelog.php
ImageMagick Changelog

https://int21.de/cve/CVE-2014-8354-fuzzing-sample.ico
Fuzzing sample (try with convert -resize 30)

https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
This Advisory

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354



CVE-2014-8355: ImageMagick - Out-of-bounds read / heap overflow in PCX
parser

Description
===========

ImageMagick is vulnerable to an out of bounds read / heap Overflow in
the function ReadPCXImage in the file pcx.c. GraphicsMagick, which is a
fork of ImageMagick, is also affected. The issue has been found with
the help of Address Sanitizer and the fuzzing tool zzuf.

Solution
========

ImageMagick has released the fixed version 6.8.9-9 (also including
fixes for other out of bounds issues). GraphicsMagick has fixed the
issue in its repository, no release yet.

Timeline
========

2014-10-21: Discovery, informed both ImageMagick and GraphicsMagick
developers 2014-10-23: Patch in ImageMagick SVN
2014-10-25: ImageMagick released 6.8.9-9 with fix
2014-10-26: Patch in GraphicsMagick Mercurial

References
==========

http://trac.imagemagick.org/changeset/16773
Patch / upstream commit ImageMagick

http://www.imagemagick.org/script/changelog.php
ImageMagick Changelog

http://sourceforge.net/p/graphicsmagick/code/ci/4426024497f9ed26cbadc5af5a5de55ac84796ff/
Patch / upstream commit Graphicsmagick

https://int21.de/cve/CVE-2014-8355-fuzzing-sample.pcx
Fuzzing sample (try with convert or identify)

https://int21.de/cve/CVE-2014-8355-pcx-oob-heap-overflow.html
This Advisory

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355



CVE-2014-8354: ImageMagick - Out-of-bounds read / heap overflow in DCM
import

Description
===========

ImageMagick is vulnerable to an out of bounds read / heap overflow in
the function ReadDCMImage() in the file dcm.c. GraphicsMagick, which is
a fork of ImageMagick, is not affected. The issue has been found with
the help of Address Sanitizer and the fuzzing tool zzuf.

Solution
========

ImageMagick has released version 6.8.9-9 which fixes this and some
other out-of-bounds issues. GraphicsMagick, which is a fork of
ImageMagick, is not affected.

Timeline
========

2014-10-24: Discovery, informed upstream developers
2014-10-25: Patch in upstream SVN
2014-10-25: Upstream released 6.8.9-9 with fix

References
==========

http://trac.imagemagick.org/changeset/16795
Patch / upstream commit

http://www.imagemagick.org/script/changelog.php
Upstream Changelog

https://int21.de/cve/CVE-2014-8562-fuzzing-sample.dcm
Fuzzing sample (try with identify or convert)

https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
This Advisory

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354
CVE-2014-8562: ImageMagick - Out-of-bounds read / heap overflow in DCM
import

Description
===========

ImageMagick is vulnerable to an out of bounds read / heap overflow in
the function ReadDCMImage() in the file dcm.c. GraphicsMagick, which is
a fork of ImageMagick, is not affected. The issue has been found with
the help of Address Sanitizer and the fuzzing tool zzuf.

Solution
========

ImageMagick has released version 6.8.9-9 which fixes this and some
other out-of-bounds issues. GraphicsMagick, which is a fork of
ImageMagick, is not affected.

Timeline
========

2014-10-24: Discovery, informed upstream developers
2014-10-25: Patch in upstream SVN
2014-10-25: Upstream released 6.8.9-9 with fix

References
==========

http://trac.imagemagick.org/changeset/16795
Patch / upstream commit

http://www.imagemagick.org/script/changelog.php
Upstream Changelog

https://int21.de/cve/CVE-2014-8562-fuzzing-sample.dcm
Fuzzing sample (try with identify or convert)

https://int21.de/cve/CVE-2014-8562-dcm-oob-heap-overflow.html
This Advisory

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562


--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close