A flaw was found in ImageMagick 7.0.8-13 Q16. A memory leak in the function WriteMSLImage of coders/msl.c.

References:
https://github.com/ImageMagick/ImageMagick/issues/1360

Upstream Patch:
https://github.com/ImageMagick/ImageMagick/commit/c9c4ef4e7ca83d8a00effd16723f37946e89fbad

Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1642615]
RHEL7:

```
==11842== Memcheck, a memory error detector
==11842== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11842== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==11842== Command: convert poc test.msl
==11842==
convert: unable to read font `poc' @ error/annotate.c/RenderFreetype/1361.
convert: non-conforming drawing primitive definition `text' @ error/draw.c/DrawImage/3352.
==11842==
==11842== HEAP SUMMARY:
==11842==     in use at exit: 3,284,341 bytes in 6,098 blocks
==11842==   total heap usage: 36,922 allocs, 30,824 frees, 16,318,650 bytes allocated
==11842==
==11842== 3,097,098 (13,248 direct, 3,083,850 indirect) bytes in 1 blocks are definitely lost in loss record 190 of 190
==11842==    at 0x483880B: malloc (vg_replace_malloc.c:299)
==11842==    by 0x498EA43: CloneImage (in /usr/lib64/libMagickCore-6.Q16.so.5.0.0)
==11842==    by 0x134279D7: ???
==11842==    by 0x48F564A: WriteImage (in /usr/lib64/libMagickCore-6.Q16.so.5.0.0)
==11842==    by 0x48F5F71: WriteImages (in /usr/lib64/libMagickCore-6.Q16.so.5.0.0)
==11842==    by 0x4B7A40F: ConvertImageCommand (in /usr/lib64/libMagickWand-6.Q16.so.5.0.0)
==11842==    by 0x4BE6B60: MagickCommandGenesis (in /usr/lib64/libMagickWand-6.Q16.so.5.0.0)
==11842==    by 0x1090FC: ??? (in /usr/bin/convert)
==11842==    by 0x5584412: (below main) (in /usr/lib64/libc-2.28.so)
==11842==
==11842== LEAK SUMMARY:
==11842==    definitely lost: 13,248 bytes in 1 blocks
==11842==    indirectly lost: 3,083,850 bytes in 34 blocks
==11842==      possibly lost: 0 bytes in 0 blocks
==11842==    still reachable: 187,243 bytes in 6,063 blocks
==11842==         suppressed: 0 bytes in 0 blocks
==11842== Reachable blocks (those to which a pointer was found) are not shown.
==11842== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==11842==
==11842== For counts of detected and suppressed errors, rerun with: -v
==11842== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```
ImageMagick6 script: https://github.com/ImageMagick/ImageMagick6/commit/bb77f9e905597c7ab1e92042c7de418d999b00bf
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-18544