{"id":1574,"date":"2017-04-02T16:03:30","date_gmt":"2017-04-02T14:03:30","guid":{"rendered":"http:\/\/blogs.gentoo.org\/ago\/?p=1574"},"modified":"2017-04-10T09:21:44","modified_gmt":"2017-04-10T07:21:44","slug":"imagemagick-undefined-behavior-in-codersrle-c","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/ago\/2017\/04\/02\/imagemagick-undefined-behavior-in-codersrle-c\/","title":{"rendered":"imagemagick: undefined behavior in coders\/rle.c"},"content":{"rendered":"

Description<\/strong>:
\nimagemagick<\/a> is a software suite to create, edit, compose, or convert bitmap images.<\/p>\n

A fuzz with the upstream security policy<\/a> enabled, a quantum of 32 and the undefined behavior sanitizer discovered this bug.<\/p>\n

# identify $FILE\r\ncoders\/rle.c:274:18: runtime error: value 1.72801e+09 is outside the range of representable values of type 'unsigned char'                                                                     \r\n<\/font><\/pre>\n
Affected version:<\/strong>
\n7.0.5.4<\/p>\n
Fixed version:<\/strong>
\n7.0.5.5 (not released atm)<\/p>\n
Commit fix:<\/strong>
\nhttps:\/\/github.com\/ImageMagick\/ImageMagick\/commit\/b218117cad34d39b9ffb587b45c71c5a49b12bde<\/a><\/p>\n
Credit:<\/strong>
\nThis bug was discovered by Agostino Sarubbo of Gentoo.<\/p>\n
CVE:<\/strong>
\nCVE-2017-7606<\/p>\n
Reproducer:<\/strong>
\nhttps:\/\/github.com\/asarubbo\/poc\/blob\/master\/00253-imagemagick-outside-unsigned-char<\/a><\/p>\n
Timeline:<\/strong>
\n2017-03-31: bug discovered and reported to upstream
\n2017-03-31: upstream released a patch
\n2017-04-02: blog post about the issue
\n2017-04-09: CVE assigned<\/p>\n
Note:<\/strong>
\nThis bug was found with American Fuzzy Lop<\/a>.<\/p>\n
Permalink:<\/strong><\/p>\n
imagemagick: undefined behavior in coders\/rle.c<\/a><\/p><\/blockquote>\n