On GraphicsMagick 1.3.26 2017-07-04 Q8
A null pointer dereference vulnerability was found in the function SVGStartElement, which allows attackers to cause a denial of service via a crafted file.
# ./gm identify $FILE
=================================================================
==120268==ERROR: SEGV on unknown address 0x000000000000 (pc 0x000000d88a70 bp 0x7fffcbf8f540 sp 0x7fffcbf8d580 T0)
==120268==The signal is caused by a READ memory access.
==120268==Hint: address points to the zero page.
#0 0xd88a6f in SVGStartElement /home/haojun/Downloads/GraphicsMagick-1.3.26/coders/svg.c:1675:35
#1 0x7f09d55ecce4 in xmlParseStartTag (/lib64/libxml2.so.2+0x42ce4)
#2 0x7f09d55fa632 (/lib64/libxml2.so.2+0x50632)
#3 0x7f09d55fb61d in xmlParseChunk (/lib64/libxml2.so.2+0x5161d)
#4 0xd7cb30 in ReadSVGImage /home/haojun/Downloads/GraphicsMagick-1.3.26/coders/svg.c:2959:14
#5 0x63f90d in ReadImage /home/haojun/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1607:13
#6 0x63ed64 in PingImage /home/haojun/Downloads/GraphicsMagick-1.3.26/magick/constitute.c:1370:9
#7 0x5ab160 in IdentifyImageCommand /home/haojun/Downloads/GraphicsMagick-1.3.26/magick/command.c:8379:17
#8 0x5b0232 in MagickCommand /home/haojun/Downloads/GraphicsMagick-1.3.26/magick/command.c:8869:17
#9 0x5f621e in GMCommandSingle /home/haojun/Downloads/GraphicsMagick-1.3.26/magick/command.c:17396:10
#10 0x5f4aab in GMCommand /home/haojun/Downloads/GraphicsMagick-1.3.26/magick/command.c:17449:16
#11 0x7f09d44b4b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
#12 0x4247fb in _start (/home/haojun/Downloads/IM-GM-build/bin/gm+0x4247fb)
SEGV /home/haojun/Downloads/GraphicsMagick-1.3.26/coders/svg.c:1675:35 in SVGStartElement
The poc file is in the attachment.
gm_null_pointer_dereference_in_SVGStartElement
Credit: ADLab of Venustech
Fixed by Mercurial changeset 15121:54f48ab2d52a.
Please use CVE-2017-13065 for this issue.
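The crash above is a read from the zero page inside a libxml2 SAX start-element callback, the classic shape of an unchecked attribute lookup. The following is an added illustration of the defensive pattern for that bug class; it is not the GraphicsMagick code at svg.c:1675 and not the fix from changeset 15121:54f48ab2d52a. The names (svg_state, svg_attr, svg_length, svg_start_element) and the attribute arrays are constructed for this example; only the libxml2 SAX1 convention it relies on (attributes passed as a NULL-terminated name/value array, or NULL when the element has none) is real.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal per-parse state. Hypothetical; not GraphicsMagick's SVGInfo. */
typedef struct {
    double width;    /* from the <svg> width attribute, 0 if never set */
    double height;   /* from the <svg> height attribute, 0 if never set */
    char   id[32];   /* id of the last element seen, empty if it had none */
    int    rejected; /* elements rejected for missing or invalid attributes */
} svg_state;

/* libxml2 SAX1 convention: atts is a NULL-terminated array of name,value
   pairs, or NULL when the element carries no attributes at all. Both cases
   must be handled before any value is dereferenced. */
static const char *svg_attr(const char **atts, const char *name)
{
    if (atts == NULL)
        return NULL;
    for (size_t i = 0; atts[i] != NULL; i += 2) {
        if (strcmp(atts[i], name) == 0)
            return atts[i + 1];
    }
    return NULL;
}

/* Parse a non-negative length. Returns 0 (and leaves *out untouched) on a
   NULL, empty or non-numeric value instead of crashing in strtod/strlen. */
static int svg_length(const char *value, double *out)
{
    char *end;
    if (value == NULL || *value == '\0')
        return 0;
    double v = strtod(value, &end);
    if (end == value || v < 0.0)
        return 0;
    *out = v;
    return 1;
}

/* Start-element callback. Every attribute lookup is checked before use;
   an <svg> element without usable width/height is rejected, not dereferenced.
   Returns 1 if the element was accepted, 0 if it was rejected. */
int svg_start_element(svg_state *st, const char *name, const char **atts)
{
    const char *id = svg_attr(atts, "id");
    if (id != NULL)
        snprintf(st->id, sizeof st->id, "%s", id);
    else
        st->id[0] = '\0';

    if (strcmp(name, "svg") == 0) {
        if (!svg_length(svg_attr(atts, "width"), &st->width) ||
            !svg_length(svg_attr(atts, "height"), &st->height)) {
            st->rejected++;
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    svg_state st = {0};
    /* Constructed inputs: a well-formed root, then a root with no attributes
       at all (atts == NULL), which is the case an unchecked handler trips on. */
    const char *good[] = {"width", "100", "height", "50", "id", "root", NULL};
    printf("svg with attributes: %s\n",
           svg_start_element(&st, "svg", good) ? "accepted" : "rejected");
    printf("svg without attributes: %s\n",
           svg_start_element(&st, "svg", NULL) ? "accepted" : "rejected");
    printf("rejected elements: %d\n", st.rejected);
    return 0;
}
```

The point for a reviewer of any SAX handler is that the parser makes no promise about which attributes are present; a crafted file controls that array completely, so the handler, not the parser, has to own the NULL checks.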