[Bug 1218248] Re: DoS: memory corruption while processing GIF comments.
Jackson Doak
Doak.jackson at gmail.com
Sat Aug 31 07:43:14 UTC 2013
I've attached a bzr branch ready for merging with the fix.
** Changed in: imagemagick (Ubuntu)
Status: Triaged => In Progress
** Changed in: imagemagick (Ubuntu)
Assignee: (unassigned) => Jackson Doak (noskcaj)
--
https://bugs.launchpad.net/bugs/1218248
Title:
DoS: memory corruption while processing GIF comments.
Status in “imagemagick” package in Ubuntu:
In Progress
Status in “imagemagick” package in Debian:
Fix Committed
Bug description:
Memory corruption while processing GIF comments. As a result,
malloc's private structures are corrupted, which causes SIGABRT and
application crashes.
Here is a topic on the imagemagick forum: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23921 .
You can easily reproduce the problem with images from this topic.
It was a problem with handling comments. The '\0' symbol was placed after the allocated memory buffer.
To fix this problem, raw memory handling functions were replaced with ConcatenateString.
Original code that solves this problem: http://trac.imagemagick.org/changeset/8770/ImageMagick/trunk/coders/gif.c
The patch that solves the problem is attached to this bug report and tested in
Yandex.
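The bug class described in the report, shown as an added example (this is not ImageMagick's code and not the attached patch): GIF comment sub-blocks are appended to a heap string whose allocation always includes the byte for the terminating '\0'. The names `append_bytes`, `read_gif_comment` and `sample_blocks` are hypothetical, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append n bytes to a heap string and keep it NUL-terminated.
 * The defect in the report corresponds to sizing the buffer as len + n
 * and then storing '\0' at index len + n, one byte past the allocation.
 * Here the terminator is counted in the allocation size. */
static int append_bytes(char **s, size_t *len, const unsigned char *src, size_t n)
{
    char *p = realloc(*s, *len + n + 1);      /* +1 reserves the '\0' slot */
    if (p == NULL)
        return -1;                            /* *s is still valid */
    memcpy(p + *len, src, n);
    *len += n;
    p[*len] = '\0';                           /* last byte inside the buffer */
    *s = p;
    return 0;
}

/* Collect the data sub-blocks of a GIF comment extension into one string.
 * data points just past the 0x21 0xFE introducer. Each sub-block is a
 * length byte (1..255) followed by that many bytes; a zero length ends
 * the list. Returns a malloc'd string, or NULL on truncated input. */
char *read_gif_comment(const unsigned char *data, size_t size)
{
    char *comment = calloc(1, 1);             /* start as "" */
    size_t len = 0, pos = 0;
    while (comment != NULL && pos < size) {
        size_t n = data[pos++];
        if (n == 0)
            return comment;                   /* block terminator reached */
        if (n > size - pos || append_bytes(&comment, &len, data + pos, n) != 0)
            break;                            /* sub-block overruns the input */
        pos += n;
    }
    free(comment);
    return NULL;
}

/* Constructed sample: two sub-blocks ("Hello" and ", GIF") and a terminator. */
const unsigned char sample_blocks[] = {
    5, 'H', 'e', 'l', 'l', 'o', 5, ',', ' ', 'G', 'I', 'F', 0 };

int main(void)
{
    char *c = read_gif_comment(sample_blocks, sizeof sample_blocks);
    printf("%s\n", c ? c : "(malformed)");
    free(c);
    return 0;
}
```

Building with `-fsanitize=address` and dropping the `+ 1` in `append_bytes` makes the one-byte heap overflow visible immediately instead of as a later malloc abort.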