Vigil@nce - ImageMagick: unreachable memory reading via PNG property.c
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious PNG image that forces a read at
an invalid address in property.c of ImageMagick, in order to
trigger a denial of service.
– Impacted products: MBS, openSUSE, Unix (platform)
– Severity: 2/4
– Creation date: 12/11/2014
DESCRIPTION OF THE VULNERABILITY
The ImageMagick application is used to process images.
However, the code in magick/property.c tries to read a memory area
which is not reachable, and this triggers a fatal error.
An attacker can therefore create a malicious PNG image that forces a
read at an invalid address in property.c of ImageMagick, in order
to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ImageMagick-unreachable-memory-reading-via-PNG-property-c-15627