graphicsmagick: assertion failure in pixel_cache.c

Description:
graphicsmagick is a collection of tools and libraries for many image formats.

The complete output of the issue:

# gm convert $FILE null
gm: magick/pixel_cache.c:1089: const PixelPacket AcquireImagePixels(const Image , const long, const long, const unsigned long, const unsigned long, ExceptionInfo ): Assertion `image != (Image ) NULL' failed.

Affected version:
1.3.25, 1.3.26 and maybe past releases

Fixed version:
N/A

Commit fix:
http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2017-14649

Reproducer:
https://github.com/asarubbo/poc/blob/master/00366-graphicsmagick_assertionfailure_pixel_cache_c

Timeline:
2017-08-12: bug discovered and reported to upstream privately
2017-08-16: bug reported to the public upstream bugtracker
2017-08-29: upstream released a fix
2017-09-19: blog post about the issue
2017-09-21: CVE assigned

Note:
This bug was found with American Fuzzy Lop.
This bug was identified with bare metal servers donated by Packet. This work is also supported by the Core Infrastructure Initiative.

Permalink:

graphicsmagick: assertion failure in pixel_cache.c

This entry was posted in advisories, security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.