New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
heap-buffer-overflow in /MagickCore/quantum-private.h #1857
Comments
Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow. |
Thanks for amazing work! |
You should request one yourself. |
2020-03-01 7.0.10-0 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 7.0.10-0, GIT revision 17... 2020-03-01 7.0.10-0 Cristy <quetzlzacatenango@image...> * Label text no longer gets cut-off (reference https://imagemagick.org/discourse-server/viewtopic.php?f=1&t=37621). * Prevent heap overflow (reference ImageMagick/ImageMagick#1857).
CVE-2023-3745,received after 3 years lol |
Prerequisites
Description
There is a vlun heap overflow found in " /MagickCore/quantum-private.h:236:11 in PushCharPixel"
Steps to Reproduce
crashed file
ASAN's full log can be found in here
port of ASAN's log
System Configuration
DISTRIB_ID=Ubuntu DISTRIB_RELEASE=19.10 DISTRIB_CODENAME=eoan DISTRIB_DESCRIPTION="Ubuntu 19.10
The text was updated successfully, but these errors were encountered: