Vigil@nce - ImageMagick: integer overflow via Magick_png_malloc
August 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious PNG image which generates an
integer overflow in Magick_png_malloc, leading to a denial of
service.
Severity: 2/4
Creation date: 30/07/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The ImageMagick application is used to process images.
The Magick_png_malloc() function of file coders/png.c allocates
the memory to store elements of a PNG image. However, the size to
allocate is converted ("casted") to an incorrect type.
An attacker can therefore create a malicious PNG image which
generates an integer overflow in Magick_png_malloc, leading to a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ImageMagick-integer-overflow-via-Magick-png-malloc-11804