imagemagick: null pointer must never be null (tiff.c)

Description:
imagemagick is a software suite to create, edit, compose, or convert bitmap images.

A fuzz on an updated version with the undefined behavior sanitizer enabled, revealed a null pointer which is declared to never be null.

The complete UBSan output:

# identify $FILE
coders/tiff.c:655:39: runtime error: null pointer passed as argument 2, which is declared to never be null
MagickCore/string_.h:76:23: note: nonnull attribute specified here

Affected version:
7.0.3.6

Fixed version:
7.0.3.7

Commit fix:
https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2016-9559

Reproducer:
https://github.com/asarubbo/poc/blob/master/00049-imagemagick-pointernerverbenull

Timeline:
2016-11-09: bug discovered and reported to upstream
2016-11-09: upstream released a patch
2016-11-15: upstream released 7.0.3.7
2016-11-19: blog post about the issue
2016-11-23: CVE assigned

Note:
This bug was found with American Fuzzy Lop.

Permalink:

imagemagick: null pointer must never be null (tiff.c)

This entry was posted in advisories, security. Bookmark the permalink.

2 Responses to imagemagick: null pointer must never be null (tiff.c)

  1. Pingback: SB17-065: Vulnerability Summary for the Week of February 27, 2017 – sec.uno

  2. Pingback: SB17-065: Vulnerability Summary for the Week of February 27, 2017 – serwer1777266

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.