ID OSSFUZZ-15453Type ossfuzzReporter GoogleModified 2020-04-01T20:46:55
Description
Project:
https://github.com/imagemagick/imagemagick.git
Detailed report: https://oss-fuzz.com/testcase?key=5634686653562880
Project: imagemagick
Fuzzer: libFuzzer_imagemagick_encoder_j2k_fuzzer
Fuzz target binary: encoder_j2k_fuzzer
Job Type: libfuzzer_asan_imagemagick
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x62b000006fd0
Crash State:
ReadJP2Image
ReadImage
BlobToImage
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_imagemagick&range=201902190429:201902200433
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5634686653562880
Issue manually filed by: alex.gaynor
See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for instructions to reproduce this bug locally.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
{"id": "OSSFUZZ-15453", "type": "ossfuzz", "bulletinFamily": "software", "title": "imagemagick/encoder_j2k_fuzzer: Heap-buffer-overflow in ReadJP2Image", "description": "Project:\nhttps://github.com/imagemagick/imagemagick.git\n\nDetailed report: https://oss-fuzz.com/testcase?key=5634686653562880\n\nProject: imagemagick\nFuzzer: libFuzzer_imagemagick_encoder_j2k_fuzzer\nFuzz target binary: encoder_j2k_fuzzer\nJob Type: libfuzzer_asan_imagemagick\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 4\nCrash Address: 0x62b000006fd0\nCrash State:\n ReadJP2Image\n ReadImage\n BlobToImage\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_imagemagick&range=201902190429:201902200433\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5634686653562880\n\nIssue manually filed by: alex.gaynor\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for instructions to reproduce this bug locally.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.", "published": "2019-06-23T04:29:34", "modified": "2020-04-01T20:46:55", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15453", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-05-01T20:20:54", "viewCount": 1, "enchantments": {"dependencies": {}, "score": {"value": -0.8, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.8}, "ossfuzz": {"issue": 15453, "status": "Verified", "project": "imagemagick", "ref": "https://oss-fuzz.com/revisions?job=libfuzzer_msan_imagemagick&range=201912270352:201912300353", "crashType": "Heap-buffer-overflow READ 4", "revisions": ["7fdd47ede0b4e40fa7b0fd5ffe1b6e6ebe60437e:6fd118f86ae52b6c11aa11fae9876ff9975c8623"], "project_repos": ["https://github.com/imagemagick/imagemagick.git"], "tags": ["7.0.10-10", "7.0.10-9", "7.0.10-8", "7.0.10-7", "7.0.10-6", "7.0.10-5", "7.0.10-4", "7.0.10-3", "7.0.10-2", "7.0.10-1", "7.0.10-0", "7.0.9-27", "7.0.9-26", "7.0.9-25", "7.0.9-24", "7.0.9-23", "7.0.9-22", "7.0.9-21", "7.0.9-20", "7.0.9-19", "7.0.9-18", "7.0.9-17", "7.0.9-16", "7.0.9-15", "7.0.9-14", "7.0.9-13", "7.0.9-12", "7.0.9-11", "7.0.9-10", "7.0.9-9", "7.0.9-8", "7.0.9-7", "7.0.9-6", "7.0.9-5", "7.0.9-4", "7.0.9-2", "7.0.9-1", "7.0.9-0", "7.0.8-68", "7.0.8-67", "7.0.8-66", "7.0.8-65", "7.0.8-64", "7.0.8-63", "7.0.8-62", "7.0.8-61", "7.0.8-60", "7.0.8-59", "7.0.8-58", "7.0.8-57", "7.0.8-56", "7.0.8-55", "7.0.8-54", "7.0.8-53", "7.0.8-52", "7.0.8-51", "7.0.8-50", "7.0.8-49", "7.0.8-48", "7.0.8-47", "7.0.8-46", "7.0.8-45", "7.0.8-44", "7.0.8-43", "7.0.8-42", "7.0.8-41", "7.0.8-40", "7.0.8-39", "7.0.8-38", "7.0.8-37", "7.0.8-36", "7.0.8-35", "7.0.8-34", "7.0.8-33", "7.0.8-32", "7.0.8-31", "7.0.8-30", "7.0.8-29", "7.0.8-28", "7.0.8-27", "7.0.8-26", "7.0.8-25", "7.0.8-24", "7.0.8-23", "7.0.8-22", "7.0.8-21", "7.0.8-20", "7.0.8-19", "7.0.8-18", "7.0.8-17", "7.0.8-16", "7.0.8-15", "7.0.8-14", "7.0.8-13", "7.0.8-12", "7.0.8-11", "7.0.8-10", "7.0.8-9", "7.0.8-8", "7.0.8-7", "7.0.8-6", "7.0.8-5", "7.0.8-4", "7.0.8-3", "7.0.8-2", "7.0.8-1", "7.0.8-0", "7.0.7-39", "7.0.7-38", "7.0.7-37", "7.0.7-36", "7.0.7-35", "7.0.7-34", "7.0.7-33", "7.0.7-32", "7.0.7-31", "7.0.7-30", "7.0.7-29", "7.0.7-28", "7.0.7-27", "7.0.7-26", "7.0.7-25", "7.0.7-24", "7.0.7-23", "7.0.7-22", "7.0.7-21", "7.0.7-20", "7.0.7-19", "7.0.7-18", "7.0.7-17", "7.0.7-16", "7.0.7-15", "7.0.7-14", "7.0.7-13", "7.0.7-12", "7.0.7-11", "7.0.7-10", "7.0.7-9", "7.0.7-8", "7.0.7.7", "7.0.7-6", "7.0.7-5", "7.0.7-4", "7.0.7-3", "7.0.7-2", "7.0.7-1", "7.0.7-0", "7.0.6-9", "7.0.6-8", "7.0.6-7", "7.0.6-6", "7.0.6-5", "7.0.6-4", "7.0.6-3", "7.0.6-2", "7.0.6-1", "7.0.6-0", "7.0.5-10", "7.0.5-9", "7.0.5-8", "7.0.5-7", "7.0.5-6", "7.0.5-5", "7.0.5-4", "7.0.5-3", "7.0.5-2", "7.0.5-1", "7.0.5-0", "7.0.4-10", "7.0.4-9", "7.0.4-8", "7.0.4-7", "7.0.4-6", "7.0.4-5", "7.0.4-4", "7.0.4-3", "7.0.4-2", "7.0.4-1", "7.0.4-0", "7.0.3-10", "7.0.3-9", "7.0.3-8", "7.0.3-7", "7.0.3-6", "7.0.3-5", "7.0.3-4", "7.0.3-3", "7.0.3-2", "7.0.3-1", "7.0.3-0", "7.0.2-10", "7.0.2-9", "7.0.2-8", "7.0.2-7", "7.0.2-6", "7.0.2-5", "7.0.2-4", "7.0.2-3", "7.0.2-2", "7.0.2-1", "7.0.2-0", "7.0.1-10", "7.0.1-9", "7.0.1-8", "7.0.1-7", "7.0.1-6", "7.0.1-5", "7.0.1-4", "7.0.1-3", "7.0.1-2", "7.0.1-1", "7.0.1-0"]}, "affectedSoftware": [{"name": "imagemagick", "version": "7.0.9-12", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-11", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-68", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-67", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-66", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-65", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-64", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-63", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-62", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-61", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-60", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-59", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-58", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-57", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-56", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-55", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-54", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-53", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-52", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-51", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-50", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-49", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-48", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-47", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-46", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-45", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-44", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-43", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-42", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-41", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-40", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-39", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-38", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-37", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-36", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-35", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-34", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-33", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-32", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-31", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-30", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-29", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-28", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-27", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-26", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-25", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-24", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-23", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-22", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-21", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-20", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-19", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-18", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-17", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-16", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-15", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-14", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-13", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-12", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-11", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7.7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-39", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-38", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-37", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-36", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-35", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-34", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-33", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-32", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-31", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-30", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-29", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-28", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-27", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-26", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-25", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-24", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-23", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-22", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-21", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-20", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-19", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-18", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-17", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-16", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-15", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-14", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-13", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-12", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-11", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-0", "operator": "eq"}], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645490316}}
{}
