[Bug 1545367] [NEW] SEGV in ImageMagick/MagickCore/locale.c:1517
Moshe Kaplan
mk.moshe.kaplan at gmail.com
Sun Feb 14 01:15:42 UTC 2016
*** This bug is a security vulnerability ***
Public security bug reported:
This bug was found while fuzzing ImageMagick with afl-fuzz
Tested on ImageMagick git commit <unknown>
Command: magick id:000359,sig:06,src:006660,op:havoc,rep:2 /dev/null
ASAN:SIGSEGV
=================================================================
==4985==ERROR: AddressSanitizer: SEGV on unknown address 0xa13fa11c (pc 0x0808c946 sp 0xbff94780 bp 0xbff947c8 T0)
#0 0x808c945 in strncasecmp (/usr/local/bin/magick+0x808c945)
#1 0x814fe14 in LocaleNCompare /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/locale.c:1517
#2 0x82857c5 in WriteTo8BimProfile /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/profile.c:1431
#3 0x8284fac in DeleteImageProfile /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/profile.c:192
#4 0x89e9ec4 in TransformImageColorspace /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/colorspace.c:1281
#5 0x873f635 in WritePSDImage /home/user/Desktop/FuzzImageMagick/ImageMagick/coders/psd.c:2735
#6 0x8a6b5b8 in WriteImage /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1091
#7 0x8a6ef9c in WriteImages /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickCore/constitute.c:1309
#8 0x92af4ff in CLINoImageOperator /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:4714
#9 0x92b7311 in CLIOption /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/operation.c:5174
#10 0x9045373 in ProcessCommandOptions /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:526
#11 0x90477f5 in MagickImageCommand /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/magick-cli.c:786
#12 0x904bcd9 in MagickCommandGenesis /home/user/Desktop/FuzzImageMagick/ImageMagick/MagickWand/mogrify.c:172
#13 0x80de16d in MagickMain /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:74
#14 0x80de16d in main /home/user/Desktop/FuzzImageMagick/ImageMagick/utilities/magick.c:85
#15 0xb7517a82 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#16 0x80ddf94 in _start (/usr/local/bin/magick+0x80ddf94)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strncasecmp
==4985==ABORTING
** Affects: imagemagick (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1545367
Title:
SEGV in ImageMagick/MagickCore/locale.c:1517
Status in imagemagick package in Ubuntu:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367/+subscriptions
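Editor's note on the trace above: the fault is inside strncasecmp, reached through LocaleNCompare from WriteTo8BimProfile, and ASan reports it as a SEGV on an address it cannot attribute to any allocation. WriteTo8BimProfile walks an 8BIM profile, which is a sequence of Photoshop image resource blocks, so the generic check a reviewer looks for at a site like this is that every length read from the profile is validated against the remaining buffer before the walker dereferences or compares at the resulting pointer. The program below is an added illustration written for this page, not ImageMagick's code, and it makes no claim about what the reported bug actually is: it implements a bounds-checked walker over the public 8BIM record layout and runs it against two constructed profiles, one well-formed and one whose size field overruns the buffer. The type and function names (Resource8BIM, walk_8bim, the demo_* helpers) and the sample bytes are inventions of this example.

```c
/* Added example: a bounds-checked walker over Photoshop "8BIM" image
 * resource blocks, the record layout an 8BIM profile carries. This is
 * illustrative code written for this page, not ImageMagick's
 * WriteTo8BimProfile, and it does not claim to describe the reported crash.
 *
 * Record layout (Adobe Photoshop image resource block):
 *   "8BIM"   4 bytes   signature
 *   id       2 bytes   big-endian resource id
 *   name     Pascal string: 1 length byte + bytes, padded so (1 + len) is even
 *   size     4 bytes   big-endian data length
 *   data     size bytes, padded to an even length
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

typedef struct {
    uint16_t id;
    const uint8_t *data;
    uint32_t size;
} Resource8BIM;

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk at most `max` records in buf[0..len). Returns the number of complete,
 * in-bounds records, or -1 if the buffer is truncated or malformed. Every
 * read, including the 4-byte signature compare, is checked against `end`
 * first, so a hostile length field can never move `p` past the buffer. */
int walk_8bim(const uint8_t *buf, size_t len, Resource8BIM *out, int max)
{
    const uint8_t *p = buf, *end = buf + len;
    int n = 0;

    while (p < end && n < max) {
        if ((size_t)(end - p) < 4)                 /* room for "8BIM"? */
            return -1;
        if (strncasecmp((const char *)p, "8BIM", 4) != 0)
            return -1;
        p += 4;
        if ((size_t)(end - p) < 3)                 /* id (2) + name length (1) */
            return -1;
        uint16_t id = (uint16_t)((p[0] << 8) | p[1]);
        p += 2;
        size_t name_field = 1 + (size_t)p[0];      /* length byte + name */
        if (name_field & 1)
            name_field++;                          /* padded to even */
        if ((size_t)(end - p) < name_field)
            return -1;
        p += name_field;
        if ((size_t)(end - p) < 4)                 /* size field */
            return -1;
        uint32_t size = be32(p);
        p += 4;
        if ((size_t)(end - p) < size)              /* data overruns buffer */
            return -1;
        out[n].id = id;
        out[n].data = p;
        out[n].size = size;
        n++;
        p += size;
        if ((size & 1) && p < end)                 /* pad byte, if present */
            p++;
    }
    return n;
}

/* Constructed sample profiles (not taken from the fuzzer test case). */
static const uint8_t kGood[] = {
    '8', 'B', 'I', 'M', 0x04, 0x04,            /* signature, id 0x0404 */
    0x00, 0x00,                                /* empty name + pad     */
    0x00, 0x00, 0x00, 0x04, 'a', 'b', 'c', 'd' /* size 4, data         */
};
static const uint8_t kTruncated[] = {
    '8', 'B', 'I', 'M', 0x04, 0x04, 0x00, 0x00,
    0x00, 0x00, 0x10, 0x00, 'a', 'b', 'c', 'd' /* size 4096, only 4 bytes */
};

int demo_good(void)      { Resource8BIM r[4]; return walk_8bim(kGood, sizeof kGood, r, 4); }
int demo_truncated(void) { Resource8BIM r[4]; return walk_8bim(kTruncated, sizeof kTruncated, r, 4); }
int demo_good_id(void)   { Resource8BIM r[4]; walk_8bim(kGood, sizeof kGood, r, 4); return r[0].id; }
int demo_two(void)
{
    uint8_t two[sizeof kGood * 2];
    memcpy(two, kGood, sizeof kGood);
    memcpy(two + sizeof kGood, kGood, sizeof kGood);
    Resource8BIM r[4];
    return walk_8bim(two, sizeof two, r, 4);
}

int main(void)
{
    printf("well-formed: %d record(s), first id 0x%04x\n", demo_good(), demo_good_id());
    printf("two records: %d\n", demo_two());
    printf("truncated:   %d (rejected)\n", demo_truncated());
    return 0;
}
```

The walker still calls strncasecmp on the profile bytes, as the crashing frame does; the difference is that it only does so after confirming four bytes remain, and it rejects a size field larger than the remaining buffer instead of advancing past the end. Compiling with `-fsanitize=address` and feeding it the fuzzer's test case as raw profile bytes is a reasonable way to confirm such a walker stays in bounds on hostile input.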