[Pkg-gmagick-im-team] Bug#870012: use of uninitialized data in ImageMagick/coders/mat.c

Bastien ROUCARIES roucaries.bastien at gmail.com
Fri Jul 28 21:32:05 UTC 2017


Source: imagemagick
Version: 8:6.9.7.4+dfsg-13
Severity: important
Tags: security upstream
X-Debbugs-CC: team at security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
forwarded: https://github.com/ImageMagick/ImageMagick/issues/362

In issue #131 an out-of-bounds read involving the MAT image format has
been fixed.
After the fixing commits the buffer bImgBuff is large enough to deal
with the PoC file that led to issue #131.

However, after the fix the coder still accesses uninitialized data,
which might pose a security issue or at least a bug. The first
undefined access happens within coders/mat.c:1196 in a call to
calcMinMax(). The back part of the buffer bImgBuff is now large enough
but seemingly does not contain any sensible data.
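To make the reported pattern concrete, here is an added C example that is not ImageMagick's code: a hypothetical pixel buffer (pixel_buf, load_pixels, min_max and the demo function are all constructed names) is allocated to the size the header claims, only partly filled by a short read, and then scanned min/max over the whole allocation versus only over the bytes actually read. The 0xAA fill is a constructed stand-in for stale heap contents so the defect is visible deterministically.

```c
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
/* Hypothetical analogue of the coder's buffer (data like bImgBuff, capacity per
   the header, filled = bytes actually read); not ImageMagick's code. */
typedef struct { unsigned char *data; size_t capacity, filled; } pixel_buf;

/* Simulates a read where the file supplies fewer bytes than the header claims.
   The 0xAA fill stands in for whatever stale data malloc left behind (constructed). */
static pixel_buf load_pixels(const unsigned char *in, size_t in_len, size_t capacity) {
    pixel_buf b = { malloc(capacity), capacity, in_len < capacity ? in_len : capacity };
    memset(b.data, 0xAA, capacity);
    memcpy(b.data, in, b.filled);
    return b;
}

/* Min/max over n bytes, in the spirit of calcMinMax(); false on an empty range. */
static bool min_max(const unsigned char *p, size_t n, unsigned char *lo, unsigned char *hi) {
    if (n == 0) return false;
    *lo = *hi = p[0];
    for (size_t i = 1; i < n; i++) {
        if (p[i] < *lo) *lo = p[i];
        if (p[i] > *hi) *hi = p[i];
    }
    return true;
}

/* Pattern from the report: the scan covers the whole allocation, so the
   tail that was never written still feeds the computation. */
static bool min_max_over_allocation(const pixel_buf *b, unsigned char *lo, unsigned char *hi) {
    return min_max(b->data, b->capacity, lo, hi);
}

/* Hardened: refuse truncated input and bound the scan by what was read. */
static bool min_max_over_filled(const pixel_buf *b, unsigned char *lo, unsigned char *hi) {
    if (b->filled < b->capacity) return false;
    return min_max(b->data, b->filled, lo, hi);
}

/* Constructed case: header promises 8 bytes, file supplies 4. Returns 1 when the
   unbounded scan reports the stale 0xAA as the maximum and the bounded scan refuses. */
static int demo_truncated_input(void) {
    static const unsigned char sample[] = { 5, 9, 2, 7 };
    pixel_buf b = load_pixels(sample, sizeof sample, 8);
    unsigned char lo = 0, hi = 0;
    int stale = min_max_over_allocation(&b, &lo, &hi) && hi == 0xAA;
    int refused = !min_max_over_filled(&b, &lo, &hi);
    free(b.data);
    return stale && refused;
}
```

Zero-initializing the allocation (calloc or an explicit memset) removes the indeterminate read but still leaves the bogus min/max result, so bounding the scan by the bytes actually read is the check that matters.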
