Imagemagick/convert can be crashed by processing an empty PNG
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| imagemagick (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
(I'm not sure if this classifies as security issue or not, as the crash itself is due to an assertion failure, not to a buffer overflow or similar).
When executing the command:
convert empty.png -resize 150x150 -colors 16 -colorspace RGB -quantize RGB -depth 8 -alpha remove -alpha off -format %c histogram:info:
on an empty PNG, `convert` crashes with:
convert: ../../magick/
Aborted (core dumped)
I've provided an empty PNG file for testing.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: imagemagick-6.q16 8:6.9.7.
ProcVersionSign
Uname: Linux 5.3.0-1017-aws x86_64
ApportVersion: 2.20.9-0ubuntu7.15
Architecture: amd64
Date: Fri Jul 3 11:40:12 2020
Ec2AMI: ami-0df60f5a0d9
Ec2AMIManifest: (unknown)
Ec2Availability
Ec2InstanceType: t3.xlarge
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: imagemagick
UpgradeStatus: No upgrade log present (probably fresh install)
| Saverio Miroddi (64kramsystem) wrote | #1 |
| Leonidas S. Barbosa (leosilvab) wrote | #2 |
| information type: | Private Security → Public |
| Saverio Miroddi (64kramsystem) wrote | #3 |
Hi Saverio,
As you mentioned it's not a bug since this assert was added to to exactly that, trap that kind of situation.
Thanks!