imagemagick is a software suite to create, edit, compose, or convert bitmap images.
Fuzzing with the upstream security policy enabled, a quantum of 32 and the undefined behavior sanitizer discovered this bug.
# identify $FILE
coders/rle.c:274:18: runtime error: value 1.72801e+09 is outside the range of representable values of type 'unsigned char'
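The sanitizer message reports a floating-point value being converted to unsigned char when it does not fit, which C leaves undefined. The following is an added example of a checked conversion, not ImageMagick's code or the upstream patch; both function names are hypothetical, and the linear scaling from a quantum of 32 is an assumption.

```c
#include <math.h>
#include <stdio.h>

/* Hypothetical helper, not from ImageMagick: convert a floating-point
   sample to unsigned char without undefined behavior. C11 6.3.1.4 makes
   the conversion undefined when the truncated value does not fit the
   destination type, which is what the sanitizer flagged. */
static unsigned char clamp_to_uchar(double value)
{
  if (isnan(value))
    return 0;                 /* NaN has no meaningful pixel value */
  if (value <= 0.0)
    return 0;                 /* negatives and -inf */
  if (value >= 255.0)
    return 255;               /* large values and +inf */
  return (unsigned char) (value + 0.5);  /* in range: round to nearest */
}

/* Hypothetical helper: reduce a sample stored with a quantum of 32
   (range 0..4294967295) to 8 bits, assuming a linear scale. */
static unsigned char scale_q32_to_uchar(double sample)
{
  return clamp_to_uchar(sample / 4294967295.0 * 255.0);
}

int main(void)
{
  double reported = 1.72801e+09;  /* value quoted in the sanitizer output */
  printf("clamped: %u\n", clamp_to_uchar(reported));
  printf("scaled:  %u\n", scale_q32_to_uchar(reported));
  return 0;
}
```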
18.104.22.168 (not released atm)
This bug was discovered by Agostino Sarubbo of Gentoo.
2017-03-31: bug discovered and reported to upstream
2017-03-31: upstream released a patch
2017-04-02: blog post about the issue
2017-04-09: CVE assigned
This bug was found with American Fuzzy Lop.