On GraphicsMagick 1.3.26 2017-07-04 Q8
A memory leak vulnerability was found in function ReadJNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file.
#./gm identify $FILE
=================================================================
==39930==ERROR: detected memory leaks
Indirect leak of 6856 byte(s) in 1 object(s) allocated from:
#0 0x4e96f6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
#1 0x6dca7f in AllocateImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/image.c:336:18
#2 0xaa777f in ReadJNGImage /home/test/Downloads/GraphicsMagick-1.3.26/coders/png.c:3718:9
#3 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
#4 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
#5 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
#6 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
#7 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
#8 0x7fece074cb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
Indirect leak of 4224 byte(s) in 1 object(s) allocated from:
#0 0x4ea255 in posix_memalign /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:142
#1 0x71147b in MagickMallocAligned /home/test/Downloads/GraphicsMagick-1.3.26/magick/memory.c:217:7
#2 0x769a32 in GetCacheInfo /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:1986:14
#3 0xaa777f in ReadJNGImage /home/test/Downloads/GraphicsMagick-1.3.26/coders/png.c:3718:9
#4 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
#5 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
#6 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
#7 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
#8 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
#9 0x7fece074cb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
......
11839 byte(s) leaked in 14 allocation(s).
The PoC file is in the attachment.
Credit: ADLab of Venustech
This problem can no longer be reproduced with current Mercurial sources.