Search...

imagemagick/encoder_heic_fuzzer: Heap-buffer-overflow in readInt

2018-04-09T21:41:37

ID OSSFUZZ-7506
Type ossfuzz
Reporter Google
Modified 2018-05-28T15:20:27

Description

Project: https://github.com/imagemagick/imagemagick.git

Detailed report: https://oss-fuzz.com/testcase?key=5714693059510272

Project: imagemagick Fuzzer: afl_imagemagick_encoder_heic_fuzzer Fuzz target binary: encoder_heic_fuzzer Job Type: afl_asan_imagemagick Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x611000000107 Crash State: readInt decodeH265Image ReadHEICImage

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://oss-fuzz.com/revisions?job=afl_asan_imagemagick&range=201803230437:201804010434

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5714693059510272

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.

When you fix this bug, please * mention the fix revision(s). * state whether the bug was a short-lived regression or an old bug in any stable releases. * add any other useful information. This information can help downstream consumers.

If you have questions for the OSS-Fuzz team, please file an issue at https://github.com/google/oss-fuzz/issues.

JSON Vulners Source

Initial Source

{"id": "OSSFUZZ-7506", "type": "ossfuzz", "bulletinFamily": "software", "title": "imagemagick/encoder_heic_fuzzer: Heap-buffer-overflow in readInt", "description": "Project:\nhttps://github.com/imagemagick/imagemagick.git\n\nDetailed report: https://oss-fuzz.com/testcase?key=5714693059510272\n\nProject: imagemagick\nFuzzer: afl_imagemagick_encoder_heic_fuzzer\nFuzz target binary: encoder_heic_fuzzer\nJob Type: afl_asan_imagemagick\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 1\nCrash Address: 0x611000000107\nCrash State:\n readInt\n decodeH265Image\n ReadHEICImage\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=afl_asan_imagemagick&range=201803230437:201804010434\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5714693059510272\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you have questions for the OSS-Fuzz team, please file an issue at https://github.com/google/oss-fuzz/issues.", "published": "2018-04-09T21:41:37", "modified": "2018-05-28T15:20:27", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7506", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-04-03T13:57:44", "viewCount": 1, "enchantments": {"dependencies": {}, "score": {"value": -0.7, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.7}, "ossfuzz": {"issue": 7506, "status": "Verified", "project": "imagemagick", "ref": "https://oss-fuzz.com/revisions?job=afl_asan_imagemagick&range=201804270440:201804280447", "crashType": "Heap-buffer-overflow READ 1", "revisions": ["a1c46848fb79820f063d3e7ce885f506d53fd59d:0b2039d9d9b0bb1ad1321bc6c242b0426626bde2"], "project_repos": ["https://github.com/imagemagick/imagemagick.git"], "tags": ["7.0.10-3", "7.0.10-2", "7.0.10-1", "7.0.10-0", "7.0.9-27", "7.0.9-26", "7.0.9-25", "7.0.9-24", "7.0.9-23", "7.0.9-22", "7.0.9-21", "7.0.9-20", "7.0.9-19", "7.0.9-18", "7.0.9-17", "7.0.9-16", "7.0.9-15", "7.0.9-14", "7.0.9-13", "7.0.9-12", "7.0.9-11", "7.0.9-10", "7.0.9-9", "7.0.9-8", "7.0.9-7", "7.0.9-6", "7.0.9-5", "7.0.9-4", "7.0.9-2", "7.0.9-1", "7.0.9-0", "7.0.8-68", "7.0.8-67", "7.0.8-66", "7.0.8-65", "7.0.8-64", "7.0.8-63", "7.0.8-62", "7.0.8-61", "7.0.8-60", "7.0.8-59", "7.0.8-58", "7.0.8-57", "7.0.8-56", "7.0.8-55", "7.0.8-54", "7.0.8-53", "7.0.8-52", "7.0.8-51", "7.0.8-50", "7.0.8-49", "7.0.8-48", "7.0.8-47", "7.0.8-46", "7.0.8-45", "7.0.8-44", "7.0.8-43", "7.0.8-42", "7.0.8-41", "7.0.8-40", "7.0.8-39", "7.0.8-38", "7.0.8-37", "7.0.8-36", "7.0.8-35", "7.0.8-34", "7.0.8-33", "7.0.8-32", "7.0.8-31", "7.0.8-30", "7.0.8-29", "7.0.8-28", "7.0.8-27", "7.0.8-26", "7.0.8-25", "7.0.8-24", "7.0.8-23", "7.0.8-22", "7.0.8-21", "7.0.8-20", "7.0.8-19", "7.0.8-18", "7.0.8-17", "7.0.8-16", "7.0.8-15", "7.0.8-14", "7.0.8-13", "7.0.8-12", "7.0.8-11", "7.0.8-10", "7.0.8-9", "7.0.8-8", "7.0.8-7", "7.0.8-6", "7.0.8-5", "7.0.8-4", "7.0.8-3", "7.0.8-2", "7.0.8-1", "7.0.8-0", "7.0.7-39", "7.0.7-38", "7.0.7-37", "7.0.7-36", "7.0.7-35", "7.0.7-34", "7.0.7-33", "7.0.7-32", "7.0.7-31", "7.0.7-30", "7.0.7-29", "7.0.7-28", "7.0.7-27", "7.0.7-26", "7.0.7-25", "7.0.7-24", "7.0.7-23", "7.0.7-22", "7.0.7-21", "7.0.7-20", "7.0.7-19", "7.0.7-18", "7.0.7-17", "7.0.7-16", "7.0.7-15", "7.0.7-14", "7.0.7-13", "7.0.7-12", "7.0.7-11", "7.0.7-10", "7.0.7-9", "7.0.7-8", "7.0.7.7", "7.0.7-6", "7.0.7-5", "7.0.7-4", "7.0.7-3", "7.0.7-2", "7.0.7-1", "7.0.7-0", "7.0.6-9", "7.0.6-8", "7.0.6-7", "7.0.6-6", "7.0.6-5", "7.0.6-4", "7.0.6-3", "7.0.6-2", "7.0.6-1", "7.0.6-0", "7.0.5-10", "7.0.5-9", "7.0.5-8", "7.0.5-7", "7.0.5-6", "7.0.5-5", "7.0.5-4", "7.0.5-3", "7.0.5-2", "7.0.5-1", "7.0.5-0", "7.0.4-10", "7.0.4-9", "7.0.4-8", "7.0.4-7", "7.0.4-6", "7.0.4-5", "7.0.4-4", "7.0.4-3", "7.0.4-2", "7.0.4-1", "7.0.4-0", "7.0.3-10", "7.0.3-9", "7.0.3-8", "7.0.3-7", "7.0.3-6", "7.0.3-5", "7.0.3-4", "7.0.3-3", "7.0.3-2", "7.0.3-1", "7.0.3-0", "7.0.2-10", "7.0.2-9", "7.0.2-8", "7.0.2-7", "7.0.2-6", "7.0.2-5", "7.0.2-4", "7.0.2-3", "7.0.2-2", "7.0.2-1", "7.0.2-0", "7.0.1-10", "7.0.1-9", "7.0.1-8", "7.0.1-7", "7.0.1-6", "7.0.1-5", "7.0.1-4", "7.0.1-3", "7.0.1-2", "7.0.1-1", "7.0.1-0"]}, "affectedSoftware": [{"name": "imagemagick", "version": "7.0.7.7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-28", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-27", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-26", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-25", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-24", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-23", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-22", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-21", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-20", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-19", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-18", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-17", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-16", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-15", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-14", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-13", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-12", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-11", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.7-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.6-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.5-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.4-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.3-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.2-0", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-10", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-9", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-8", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-7", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-6", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-5", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-4", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-3", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-2", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-1", "operator": "eq"}, {"name": "imagemagick", "version": "7.0.1-0", "operator": "eq"}], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645672029}}