On GraphicsMagick 1.3.26 2017-07-04 Q8
A memory leak vulnerability was found in the function CloneImage in magick/image.c, which allows attackers to cause a denial of service via a crafted file.
#./gm identify $FILE
=================================================================
==39635==ERROR: detected memory leaks
Indirect leak of 6856 byte(s) in 1 object(s) allocated from:
#0 0x4e96f6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
#1 0x6e22e1 in CloneImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/image.c:941:15
#2 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
#3 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
#4 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
#5 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
#6 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
#7 0x7fed6998cb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
Indirect leak of 4224 byte(s) in 1 object(s) allocated from:
#0 0x4ea255 in posix_memalign /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:142
#1 0x71147b in MagickMallocAligned /home/test/Downloads/GraphicsMagick-1.3.26/magick/memory.c:217:7
#2 0x769a32 in GetCacheInfo /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:1986:14
Indirect leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x4e96f6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
#1 0xef94c0 in CloneBlobInfo /home/test/Downloads/GraphicsMagick-1.3.26/magick/blob.c:808:14
#2 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
#3 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
#4 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
#5 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
#6 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
#7 0x7fed6998cb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
Indirect leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x4ea255 in posix_memalign /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:142
#1 0x71147b in MagickMallocAligned /home/test/Downloads/GraphicsMagick-1.3.26/magick/memory.c:217:7
#2 0x7637f7 in AllocateCacheNexus /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:2507:14
#3 0x7637f7 in OpenCacheView /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:3332
Indirect leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4ea255 in posix_memalign /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:142
#1 0x71147b in MagickMallocAligned /home/test/Downloads/GraphicsMagick-1.3.26/magick/memory.c:217:7
#2 0x7637cd in OpenCacheView /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:3326:8
......
11784 byte(s) leaked in 11 allocation(s).
The PoC file is in the attachment.
Credit: ADLab of Venustech
This issue was already fixed in GraphicsMagick Mercurial on August 11th.
Please use CVE-2017-13066 for this issue.