Prevent 0x0 Sized Images

Posted: 2014-10-21T08:46:23-07:00
by magick
Add this patch to the ImageMagick source distribution to prevent ingesting images of size 0x0:

*** magick/image.c~     2014-10-21 11:41:52.381602505 -0400
--- magick/image.c      2014-10-21 09:55:56.024220041 -0400
***************
*** 801,806 ****
--- 801,812 ----
      (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
    assert(exception != (ExceptionInfo *) NULL);
    assert(exception->signature == MagickSignature);
+   if ((image->columns == 0) || (image->rows == 0))
+     {
+       (void) ThrowMagickException(exception,GetMagickModule(),CorruptImageError,
+         "NegativeOrZeroImageSize","`%s'",image->filename);
+       return((Image *) NULL);
+     }
    clone_image=(Image *) AcquireMagickMemory(sizeof(*clone_image));
    if (clone_image == (Image *) NULL)
      ThrowImageException(ResourceLimitError,"MemoryAllocationFailed");
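
Review bot: The added guard tests `(image->columns == 0) || (image->rows == 0)`, so it rejects an image when either dimension is zero, which is broader than the 0x0 case named in the description, and nothing in the hunk documents that; a one-line comment above the `if` stating that any zero dimension is treated as corrupt would make the intent clear. The check sits just before the `clone_image` allocation, so as far as these lines show the rejection happens when an image is cloned, and every caller of this function now has to handle a NULL return with `CorruptImageError` recorded in `exception`; it is worth confirming that the callers on the read path do. As a style point, the allocation failure two lines below uses `ThrowImageException(...)` while the new block spells out `ThrowMagickException` plus `return`; one form for both would read more consistently, if the macro fits here.
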
Patch already applied to ImageMagick 6.8.9-9 Beta. Thanks to Hanno Böck for bringing this problem to our attention.

Re: Prevent 0x0 Sized Images

Posted: 2014-10-21T12:44:34-07:00
by broucaries
I suppose there are security problems with this kind of stuff....

Do you have some idea of exploitation? (Please send me a private mail.)

If so, do you plan to ask for a CVE?

What is the affected version?

Bastien

Re: Prevent 0x0 Sized Images

Posted: 2014-10-21T13:25:34-07:00
by magick
Hanno Böck has requested a CVE for this and a PCX bug which we will have a fix for by sometime tomorrow.

Re: Prevent 0x0 Sized Images

Posted: 2014-10-22T10:02:59-07:00
by broucaries
Could you send me a private mail about the PCX issue?

Will ask for three CVEs

Re: Prevent 0x0 Sized Images

Posted: 2014-10-22T11:33:07-07:00
by magick
You got it and thanks.