DoS: memory corruption while processing GIF comments.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
imagemagick (Debian) | Fix Released | Unknown | | |
imagemagick (Ubuntu) | Fix Released | High | Jackson Doak | |
Bug Description
Memory corruption while processing GIF comments. As a result, malloc's private structures are corrupted, which causes SIGABRT and the application crashes.
Here is a topic on imagemagick forum: http://
It was a problem with handling comments. The '\0' symbol was placed after the allocated memory buffer.
To fix this problem, raw memory handling functions were replaced with ConcatenateString.
Original code that solves this problem: http://
The patch that solves the problem is attached to this bug report and tested in Yandex.
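The off-by-one described in this report, as an added example (not ImageMagick's code and not the attached patch): a self-contained C reader that joins GIF comment sub-blocks and reserves the byte for the terminating '\0'. The names `read_gif_comment` and `append_block` and the sample bytes are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample: comment sub-blocks "Hello, " and "GIF" (length byte,
   then that many bytes), closed by a zero-length block. */
static const unsigned char sample_blocks[] = {
    7, 'H', 'e', 'l', 'l', 'o', ',', ' ', 3, 'G', 'I', 'F', 0
};

/* Hypothetical helper: append n bytes to *dst (current length *len).
   The bug class in this report is allocating *len + n bytes and then
   writing the '\0' at index *len + n; the "+ 1" below reserves that byte. */
static int append_block(char **dst, size_t *len,
                        const unsigned char *src, size_t n)
{
    char *p = realloc(*dst, *len + n + 1);
    if (p == NULL)
        return -1;                /* *dst is still valid; caller frees it */
    memcpy(p + *len, src, n);
    *len += n;
    p[*len] = '\0';               /* last byte of the allocation */
    *dst = p;
    return 0;
}

/* Join the sub-blocks in data[0..size) into a NUL-terminated heap string.
   Returns NULL on truncated input or allocation failure; caller frees. */
char *read_gif_comment(const unsigned char *data, size_t size)
{
    char *comment = NULL;
    size_t len = 0, pos = 0;

    for (;;) {
        if (pos >= size)
            goto fail;            /* ran out before the zero-length block */
        size_t n = data[pos++];
        if (n == 0)
            break;
        if (n > size - pos || append_block(&comment, &len, data + pos, n) != 0)
            goto fail;            /* block overruns input, or out of memory */
        pos += n;
    }
    return comment != NULL ? comment : calloc(1, 1);   /* "" if no blocks */
fail:
    free(comment);
    return NULL;
}
```

Building this with `-fsanitize=address` and removing the `+ 1` makes the write of the terminator show up as a one-byte heap-buffer-overflow instead of a later abort inside malloc.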
Related branches
- Ubuntu branches: Pending requested
- Diff: 2014 lines (+1959/-1), 6 files modified
.pc/0008-memory-corruption-while-processing-GIF-comments.patch/coders/gif.c (+1917/-0)
.pc/applied-patches (+1/-0)
coders/gif.c (+4/-1)
debian/changelog (+7/-0)
debian/patches/0008-memory-corruption-while-processing-GIF-comments.patch (+29/-0)
debian/patches/series (+1/-0)
CVE References
information type: Private Security → Public Security
Changed in imagemagick (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in imagemagick (Debian):
status: Unknown → Fix Committed
Changed in imagemagick (Debian):
status: Fix Committed → Fix Released
Note: the bug is reproduced in Ubuntu Precise. According to the changelog http://www.imagemagick.org/script/changelog.php this bug was fixed in version 6.7.8-8.