[Pkg-gmagick-im-team] Bug#833101: DOS by not releasing memory
Bastien ROUCARIES
roucaries.bastien at gmail.com
Sun Jul 31 20:39:42 UTC 2016
Package: src:imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: patch security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
Imagemagick version prior of february 2016 does not correctly release memory
There is a resource leak in AcquireVirtualMemory resulting in major
performance degradation whenever AcquireMagickResource starts
returning false. The problem is that AcquireMagickResource calls are
not paired with calls to RelinquishMagickResource if a resource limit
is hit.
Eventually all allocations and pixel caches will start using
file-backed storage leading to major performance degradations.
Another issue is that AcquireVirtualMemory does not remove temporary
files created for failed file-backed memory mappings. This has been
adressed in IM 7.
Fixed by 4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
Bastien
More information about the Pkg-gmagick-im-team
mailing list