ImageMagick Heap Buffer Overflow Vulnerability in Filename Interpretation

Vulnerability

A heap buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-0 and 6.9.13-26. The issue arises in the 'InterpretImageFilename' function, where an off-by-one error leads to out-of-bounds memory access. This vulnerability is triggered when format strings containing consecutive percent signs are processed.

Impact

Exploitation of this vulnerability leads to a heap buffer overflow, which can commonly be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by compiling ImageMagick with AddressSanitizer enabled, which will detect memory errors. After compiling, the 'magick' command-line utility can be used to process a filename argument that includes consecutive percent signs. This triggers the vulnerability by causing the application to read beyond the allocated memory, which can be observed in the AddressSanitizer output indicating a heap-buffer-overflow error.

Remediation

Users should upgrade to ImageMagick versions 7.1.2-0 or 6.9.13-26, where this vulnerability has been fixed.
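To check a host against the fixed releases above, the following added example (not part of the advisory and not ImageMagick code) parses a version banner and, on an affected build, flags queued filename arguments that contain consecutive percent signs. The banner layout, the sample banner and the sample arguments are constructed assumptions.

```python
import re

# Fixed releases named in the advisory, one per maintained branch.
FIXED_7 = (7, 1, 2, 0)
FIXED_6 = (6, 9, 13, 26)

# Constructed sample of `magick -version` output (not captured from a real host).
SAMPLE_BANNER = (
    "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 22763 https://imagemagick.org\n"
    "Copyright: (C) 1999 ImageMagick Studio LLC\n"
)

VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, build) from a version banner."""
    match = VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no ImageMagick version string found")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True when the version predates the fixed release of its branch."""
    fixed = FIXED_6 if version[0] <= 6 else FIXED_7
    return version < fixed


def risky_arguments(args):
    """Filename arguments containing consecutive percent signs."""
    return [arg for arg in args if "%%" in arg]


def triage(banner, args):
    """Arguments to hold back until the host is upgraded; empty if fixed."""
    if not is_affected(parse_version(banner)):
        return []
    return risky_arguments(args)


if __name__ == "__main__":
    queued = ["frame-%03d.png", "report-%%d.png"]  # constructed job arguments
    print(parse_version(SAMPLE_BANNER), triage(SAMPLE_BANNER, queued))
```

On a real host the banner comes from `magick -version` (ImageMagick 7) or `convert -version` (ImageMagick 6).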

Added: Jul 14, 2025, 6:21 PM
Updated: Jul 14, 2025, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.