On GraphicsMagick 1.3.26 2017-07-04 Q8
A memory leak vulnerability was found in function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
#./gm identify $FILE
=================================================================
==50436==ERROR: detected memory leaks
Indirect leak of 6856 byte(s) in 1 object(s) allocated from:
#0 0x4e96f6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
#1 0x6dca7f in AllocateImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/image.c:336:18
#2 0xbf76b0 in DecompressBlock /home/test/Downloads/GraphicsMagick-1.3.26/coders/mat.c:406:17
#3 0xbf76b0 in ReadMATImage /home/test/Downloads/GraphicsMagick-1.3.26/coders/mat.c:835
#4 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
#5 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
#6 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
#7 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
#8 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
#9 0x7ff3c0a2fb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
Indirect leak of 4224 byte(s) in 1 object(s) allocated from:
#0 0x4ea255 in posix_memalign /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:142
#1 0x71147b in MagickMallocAligned /home/test/Downloads/GraphicsMagick-1.3.26/magick/memory.c:217:7
#2 0x769a32 in GetCacheInfo /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:1986:14
#3 0xbf76b0 in DecompressBlock /home/test/Downloads/GraphicsMagick-1.3.26/coders/mat.c:406:17
#4 0xbf76b0 in ReadMATImage /home/test/Downloads/GraphicsMagick-1.3.26/coders/mat.c:835
#5 0x63f90d in ReadImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
#6 0x63ed64 in PingImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
#7 0x5b0232 in MagickCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
#8 0x5f621e in GMCommandSingle /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
#9 0x5f4aab in GMCommand /home/test/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
#10 0x7ff3c0a2fb34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
......
11784 byte(s) leaked in 11 allocation(s).
The poc file is in the attachment.
Credit: ADLab of Venustech
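As an added triage aid (not part of the report above and not GraphicsMagick code), a small Python parser for LeakSanitizer output of the kind quoted in the report: it charges each leaked block to the innermost frame under coders/ (here DecompressBlock at mat.c:406:17) rather than to AllocateImage or the ASan malloc interceptor, and it flags bytes that the summary line counts but the truncated stack list does not show. The sample text is the report's own two stacks; all function and variable names are my own.

```python
import re
# Constructed sample: the two stacks quoted in the report above, plus its "......" truncation marker.
SAMPLE = """\
Indirect leak of 6856 byte(s) in 1 object(s) allocated from:
#0 0x4e96f6 in __interceptor_malloc /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
#1 0x6dca7f in AllocateImage /home/test/Downloads/GraphicsMagick-1.3.26/magick/image.c:336:18
#2 0xbf76b0 in DecompressBlock /home/test/Downloads/GraphicsMagick-1.3.26/coders/mat.c:406:17
Indirect leak of 4224 byte(s) in 1 object(s) allocated from:
#0 0x4ea255 in posix_memalign /home/test/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:142
#1 0x71147b in MagickMallocAligned /home/test/Downloads/GraphicsMagick-1.3.26/magick/memory.c:217:7
#2 0x769a32 in GetCacheInfo /home/test/Downloads/GraphicsMagick-1.3.26/magick/pixel_cache.c:1986:14
#3 0xbf76b0 in DecompressBlock /home/test/Downloads/GraphicsMagick-1.3.26/coders/mat.c:406:17
......
11784 byte(s) leaked in 11 allocation(s).
"""
LEAK_RE = re.compile(r"^(?:Direct|Indirect) leak of (\d+) byte\(s\) in \d+ object\(s\)")
FRAME_RE = re.compile(r"^#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
TOTAL_RE = re.compile(r"^(\d+) byte\(s\) leaked in (\d+) allocation\(s\)")

def parse_asan_leaks(text):
    """Split a LeakSanitizer report into leak stacks plus the (bytes, allocations) total line."""
    leaks, total = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := LEAK_RE.match(line):
            leaks.append({"bytes": int(m.group(1)), "frames": []})  # frames: (func, file:line)
        elif (m := FRAME_RE.match(line)) and leaks:
            leaks[-1]["frames"].append((m.group(1), m.group(2)))
        elif m := TOTAL_RE.match(line):
            total = (int(m.group(1)), int(m.group(2)))
    return leaks, total

def owning_frame(leak, subtree="coders/"):
    """Innermost frame under `subtree`: charge the leak to the decoder, not to AllocateImage."""
    for func, loc in leak["frames"]:
        if subtree in loc:
            return func, loc.rsplit(subtree, 1)[1]
    return None

def leaks_by_owner(text, subtree="coders/"):
    """Leaked bytes summed per owning frame, e.g. {('DecompressBlock', 'mat.c:406:17'): 11080}."""
    totals = {}
    for leak in parse_asan_leaks(text)[0]:
        key = owning_frame(leak, subtree) or ("<outside %s>" % subtree, "")
        totals[key] = totals.get(key, 0) + leak["bytes"]
    return totals

def unaccounted_bytes(text):
    """Bytes the summary line claims that no printed stack covers (report truncated with '......')."""
    leaks, total = parse_asan_leaks(text)
    return None if total is None else total[0] - sum(l["bytes"] for l in leaks)
```

A non-zero unaccounted figure means the excerpt is incomplete, so a fix verified only against the stacks shown may leave further leaks in the same decoder.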
Problem is fixed by the combination of changesets 15122:b6c54b2d5991, 15123:f87246749079, 15125:91b707030bda, 15127:3e3ef99689df, and 15128:3dd7bf268680. Thank you for reporting the problem and providing a test case.