Category Archives: advisories

Description: graphicsmagick is a collection of tools and libraries for many image formats. After some test I realized that the fix for CVE-2017-11403 was not enough, see also: graphicsmagick: use-after-free in CloseBlob (blob.c) The complete ASan output of the issue: … Continue reading →

Description: graphicsmagick is a collection of tools and libraries for many image formats. The relevant ASan output of the issue: # gm convert -clip -negate $FILE out ==15168==End of process memory map. ==15168==AddressSanitizer CHECK failed: /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/sanitizer_common/sanitizer_common.cc:120 “((0 && “unable to … Continue reading →

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2k ==159529==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fde59900160 at pc 0x000000450bef bp 0x7ffe7641f3c0 sp 0x7ffe7641eb70 WRITE of size 36 … Continue reading →

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k ASAN:DEADLYSIGNAL ================================================================= ==13239==ERROR: AddressSanitizer: SEGV on unknown address 0x7f4f2e9b4800 (pc … Continue reading →

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in … Continue reading →

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -I -cinema4K -n 1 -i $FILE -o null.jp2 ==133214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61100000012b at pc 0x7f221efde81a bp 0x7ffd4c1d9ad0 sp 0x7ffd4c1d9ac8 WRITE of … Continue reading →

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2c ==81142==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000b6 at pc 0x7fc39ca4a189 bp 0x7fff91c10aa0 sp 0x7fff91c10a98 WRITE of size 1 … Continue reading →

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2c ==78690==ERROR: AddressSanitizer failed to allocate 0x5ea7983000 (406538694656) bytes of LargeMmapAllocator (error code: 12) ==78690==Process memory map follows: … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. The complete ASan output of the issue: # convert $FILE null ==109188==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000049f8 at pc 0x7f81ecd9b4c2 bp 0x7ffe3c52f850 sp 0x7ffe3c52f848 READ of … Continue reading →

Description: imagemagick is a software suite to create, edit, compose, or convert bitmap images. The complete ASan output of the issue: # convert $FILE null ==151587==ERROR: AddressSanitizer: heap-use-after-free on address 0x627000037d50 at pc 0x7f4697f94380 bp 0x7ffd1011d370 sp 0x7ffd1011d368 READ of … Continue reading →