Open ConcoctionSec opened 3 years ago
Thanks for the report. I don't see any attached poc file (the link is empty) Could you perhaps provide that file?
Meanwhile, it appears you are building against an OpenEXR-2.3.X release. It's possible later releases already have a fix for this, as it is similar to #248
Sorry, because of my negligence to use an empty poc link, the poc link has now been updated. I will look over #248 and try to use the latest version of openexr.Thank you for your reply.
I saw that in this issue, a similar issue was confirmed as CVE-2017-14988.
Operating system, version and so on
Ubuntu 18.04, 64bit
Project version
dev version,ImageMagick 7.0.11-5,git clone https://github.com/ImageMagick/ImageMagick.git
Description
When we execute the convert command in ImageMagick, ASAN reports the error allocation-size-too-big. We found that the flaw is within the OpenEXR delegate library, not ImageMagick. The exception occurs inside this call: ImfOpenInputFile(), an OpenEXR API call.
Steps to Reproduce
Command
Compile the ImageMagick:
Compile with ASAN:
Please run the following cmd with poc file. POC
Result
The result of running without ASAN:
Information obtained by using ASAN:
Additional information: