Bugzilla – Bug 1172642
VUL-1: CVE-2020-13902: ImageMagick: heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding
Last modified: 2020-06-16 15:51:52 UTC
CVE-2020-13902 ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13902
Do you know the command to reproduce? I am sorry, but I do not see how the link to oss-fuzz could help me. I tried several commands over the testcase with 7.0.10-17 built with asan. None of them led to the asan report, though.
https://github.com/ImageMagick/ImageMagick/discussions/2132
(In reply to Petr Gajdos from comment #1)
> Do you know the command to reproduce?
>
> I am sorry, but I do not see how the link to oss-fuzz could help me. I tried
> several commands over the testcase with 7.0.10-17 built with asan. None of
> them led to the asan report, though.

Yes, unfortunately I was not able to reproduce the issue with various versions of ImageMagick either.

(In reply to Petr Gajdos from comment #2)
> https://github.com/ImageMagick/ImageMagick/discussions/2132

And this indeed explains why. The change in the tiff library [1] that triggers the problem is not present in any of our code streams. We're not affected.

[1] https://gitlab.com/libtiff/libtiff/-/merge_requests/99