Bug 1642614 (CVE-2018-18544)
Summary: | CVE-2018-18544 ImageMagick: memory leak in WriteMSLImage of coders/msl.c | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | jhorak, mike, pahan |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | ImageMagick 7.0.8-13, ImageMagick 6.9.10-13 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2020-03-31 22:33:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1642615, 1650299 | | |
Bug Blocks: | 1637193, 1642616 | | |

Description
Laura Pardo
2018-10-24 20:00:05 UTC
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1642615]

RHEL7:

```
==11842== Memcheck, a memory error detector
==11842== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11842== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==11842== Command: convert poc test.msl
==11842==
convert: unable to read font `poc' @ error/annotate.c/RenderFreetype/1361.
convert: non-conforming drawing primitive definition `text' @ error/draw.c/DrawImage/3352.
==11842==
==11842== HEAP SUMMARY:
==11842==     in use at exit: 3,284,341 bytes in 6,098 blocks
==11842==   total heap usage: 36,922 allocs, 30,824 frees, 16,318,650 bytes allocated
==11842==
==11842== 3,097,098 (13,248 direct, 3,083,850 indirect) bytes in 1 blocks are definitely lost in loss record 190 of 190
==11842==    at 0x483880B: malloc (vg_replace_malloc.c:299)
==11842==    by 0x498EA43: CloneImage (in /usr/lib64/libMagickCore-6.Q16.so.5.0.0)
==11842==    by 0x134279D7: ???
==11842==    by 0x48F564A: WriteImage (in /usr/lib64/libMagickCore-6.Q16.so.5.0.0)
==11842==    by 0x48F5F71: WriteImages (in /usr/lib64/libMagickCore-6.Q16.so.5.0.0)
==11842==    by 0x4B7A40F: ConvertImageCommand (in /usr/lib64/libMagickWand-6.Q16.so.5.0.0)
==11842==    by 0x4BE6B60: MagickCommandGenesis (in /usr/lib64/libMagickWand-6.Q16.so.5.0.0)
==11842==    by 0x1090FC: ??? (in /usr/bin/convert)
==11842==    by 0x5584412: (below main) (in /usr/lib64/libc-2.28.so)
==11842==
==11842== LEAK SUMMARY:
==11842==    definitely lost: 13,248 bytes in 1 blocks
==11842==    indirectly lost: 3,083,850 bytes in 34 blocks
==11842==      possibly lost: 0 bytes in 0 blocks
==11842==    still reachable: 187,243 bytes in 6,063 blocks
==11842==         suppressed: 0 bytes in 0 blocks
==11842== Reachable blocks (those to which a pointer was found) are not shown.
==11842== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==11842==
==11842== For counts of detected and suppressed errors, rerun with: -v
==11842== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```

ImageMagick6 script:
https://github.com/ImageMagick/ImageMagick6/commit/bb77f9e905597c7ab1e92042c7de418d999b00bf

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-18544