GraphicsMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successful exploits may allow an attacker to crash the affected application. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.
GraphicsMagick 1.3.8 through 1.4 snapshot-20190403 Q8 are vulnerable.
Information
- GraphicsMagick 1.3.8
- GraphicsMagick 1.4 snapshot-2019040
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- #605 heap-buffer-overflow in function WritePDBImage of coders/pdb.c (GraphicsMagick)
- GraphicsMagick Homepage (GraphicsMagick)
- WritePDBImage(): Use correct bits/sample rather than image->depth. Avoids potent (GraphicsMagick)