Search...

imagemagick:ping_dng_fuzzer: Heap-buffer-overflow in LibRaw::sony_decrypt

2019-10-31T03:21:53

ID OSSFUZZ-18621
Type ossfuzz
Reporter Google
Modified 2019-12-03T16:42:08

Description

Project: https://github.com/imagemagick/imagemagick.git

Detailed Report: https://oss-fuzz.com/testcase?key=5632223331483648

Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: ping_dng_fuzzer Job Type: libfuzzer_asan_i386_imagemagick Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0xf5ff98e1 Crash State: LibRaw::sony_decrypt LibRaw::parseSonySRF LibRaw::parse_exif

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Crash Revision: https://oss-fuzz.com/revisions?job=libfuzzer_asan_i386_imagemagick&revision=201910120302

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5632223331483648

Issue manually filed by: alex.gaynor

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally. When you fix this bug, please * mention the fix revision(s). * state whether the bug was a short-lived regression or an old bug in any stable releases. * add any other useful information. This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.

JSON Vulners Source

Initial Source

{"id": "OSSFUZZ-18621", "type": "ossfuzz", "bulletinFamily": "software", "title": "imagemagick:ping_dng_fuzzer: Heap-buffer-overflow in LibRaw::sony_decrypt", "description": "Project:\nhttps://github.com/imagemagick/imagemagick.git\n\nDetailed Report: https://oss-fuzz.com/testcase?key=5632223331483648\n\nProject: imagemagick\nFuzzing Engine: libFuzzer\nFuzz Target: ping_dng_fuzzer\nJob Type: libfuzzer_asan_i386_imagemagick\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 4\nCrash Address: 0xf5ff98e1\nCrash State:\n LibRaw::sony_decrypt\n LibRaw::parseSonySRF\n LibRaw::parse_exif\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nCrash Revision: https://oss-fuzz.com/revisions?job=libfuzzer_asan_i386_imagemagick&revision=201910120302\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5632223331483648\n\nIssue manually filed by: alex.gaynor\n\nSee https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.", "published": "2019-10-31T03:21:53", "modified": "2019-12-03T16:42:08", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18621", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-04-03T13:44:25", "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2020-04-03T13:44:25", "rev": 2}, "score": {"value": -0.8, "vector": "NONE", "modified": "2020-04-03T13:44:25", "rev": 2}, "vulnersScore": -0.8}, "ossfuzz": {"issue": 18621, "status": "Verified", "project": "imagemagick", "ref": "https://oss-fuzz.com/revisions?job=libfuzzer_asan_i386_imagemagick&range=201910310306:201911030303", "crashType": "Heap-buffer-overflow READ 4", "revisions": ["9a536eab81c6e92cf30032ad9ac17036b02aa748:d9f191a20b46aa83ab45d509adf4cc83a2591adf"], "project_repos": ["https://github.com/imagemagick/imagemagick.git"], "tags": ["7.0.10-3", "7.0.10-2", "7.0.10-1", "7.0.10-0", "7.0.9-27", "7.0.9-26", "7.0.9-25", "7.0.9-24", "7.0.9-23", "7.0.9-22", "7.0.9-21", "7.0.9-20", "7.0.9-19", "7.0.9-18", "7.0.9-17", "7.0.9-16", "7.0.9-15", "7.0.9-14", "7.0.9-13", "7.0.9-12", "7.0.9-11", "7.0.9-10", "7.0.9-9", "7.0.9-8", "7.0.9-7", "7.0.9-6", "7.0.9-5", "7.0.9-4", "7.0.9-2", "7.0.9-1", "7.0.9-0", "7.0.8-68", "7.0.8-67", "7.0.8-66", "7.0.8-65", "7.0.8-64", "7.0.8-63", "7.0.8-62", "7.0.8-61", "7.0.8-60", "7.0.8-59", "7.0.8-58", "7.0.8-57", "7.0.8-56", "7.0.8-55", "7.0.8-54", "7.0.8-53", "7.0.8-52", "7.0.8-51", "7.0.8-50", "7.0.8-49", "7.0.8-48", "7.0.8-47", "7.0.8-46", "7.0.8-45", "7.0.8-44", "7.0.8-43", "7.0.8-42", "7.0.8-41", "7.0.8-40", "7.0.8-39", "7.0.8-38", "7.0.8-37", "7.0.8-36", "7.0.8-35", "7.0.8-34", "7.0.8-33", "7.0.8-32", "7.0.8-31", "7.0.8-30", "7.0.8-29", "7.0.8-28", "7.0.8-27", "7.0.8-26", "7.0.8-25", "7.0.8-24", "7.0.8-23", "7.0.8-22", "7.0.8-21", "7.0.8-20", "7.0.8-19", "7.0.8-18", "7.0.8-17", "7.0.8-16", "7.0.8-15", "7.0.8-14", "7.0.8-13", "7.0.8-12", "7.0.8-11", "7.0.8-10", "7.0.8-9", "7.0.8-8", "7.0.8-7", "7.0.8-6", "7.0.8-5", "7.0.8-4", "7.0.8-3", "7.0.8-2", "7.0.8-1", "7.0.8-0", "7.0.7-39", "7.0.7-38", "7.0.7-37", "7.0.7-36", "7.0.7-35", "7.0.7-34", "7.0.7-33", "7.0.7-32", "7.0.7-31", "7.0.7-30", "7.0.7-29", "7.0.7-28", "7.0.7-27", "7.0.7-26", "7.0.7-25", "7.0.7-24", "7.0.7-23", "7.0.7-22", "7.0.7-21", "7.0.7-20", "7.0.7-19", "7.0.7-18", "7.0.7-17", "7.0.7-16", "7.0.7-15", "7.0.7-14", "7.0.7-13", "7.0.7-12", "7.0.7-11", "7.0.7-10", "7.0.7-9", "7.0.7-8", "7.0.7.7", "7.0.7-6", "7.0.7-5", "7.0.7-4", "7.0.7-3", "7.0.7-2", "7.0.7-1", "7.0.7-0", "7.0.6-9", "7.0.6-8", "7.0.6-7", "7.0.6-6", "7.0.6-5", "7.0.6-4", "7.0.6-3", "7.0.6-2", "7.0.6-1", "7.0.6-0", "7.0.5-10", "7.0.5-9", "7.0.5-8", "7.0.5-7", "7.0.5-6", "7.0.5-5", "7.0.5-4", "7.0.5-3", "7.0.5-2", "7.0.5-1", "7.0.5-0", "7.0.4-10", "7.0.4-9", "7.0.4-8", "7.0.4-7", "7.0.4-6", "7.0.4-5", "7.0.4-4", "7.0.4-3", "7.0.4-2", "7.0.4-1", "7.0.4-0", "7.0.3-10", "7.0.3-9", "7.0.3-8", "7.0.3-7", "7.0.3-6", "7.0.3-5", "7.0.3-4", "7.0.3-3", "7.0.3-2", "7.0.3-1", "7.0.3-0", "7.0.2-10", "7.0.2-9", "7.0.2-8", "7.0.2-7", "7.0.2-6", "7.0.2-5", "7.0.2-4", "7.0.2-3", "7.0.2-2", "7.0.2-1", "7.0.2-0", "7.0.1-10", "7.0.1-9", "7.0.1-8", "7.0.1-7", "7.0.1-6", "7.0.1-5", "7.0.1-4", "7.0.1-3", "7.0.1-2", "7.0.1-1", "7.0.1-0"]}, "affectedSoftware": [{"name": "imagemagick", "version": "7.0.9-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.9-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-68", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-67", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-66", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-65", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-64", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-63", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-62", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-61", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-60", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-59", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-58", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-57", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-56", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-55", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-54", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-53", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-52", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-51", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-50", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-49", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-48", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-47", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-46", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-45", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-44", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-43", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-42", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-41", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-40", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-39", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-38", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-37", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-36", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-35", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-34", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-33", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-32", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-31", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-30", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-29", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-28", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-27", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-26", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-25", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-24", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-23", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-22", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-21", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-20", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-19", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-18", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-17", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-16", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-15", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-14", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-13", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-12", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-11", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.8-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7.7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-39", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-38", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-37", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-36", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-35", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-34", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-33", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-32", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-31", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-30", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-29", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-28", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-27", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-26", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-25", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-24", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-23", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-22", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-21", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-20", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-19", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-18", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-17", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-16", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-15", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-14", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-13", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-12", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-11", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-0", "operator": "eq"}]}