ImageMagick
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*
- < 7.1.2-7
- < 6.9.13-32
A moderate-severity integer overflow vulnerability has been identified in the BMP decoder of ImageMagick, affecting versions prior to 7.1.2-7 and 6.9.13-32 on 32-bit systems. During BMP decoding, the software multiplies the image columns by the bits per pixel; on a 32-bit build this product can overflow and wrap to zero. A crafted BMP file with specific dimensions can trigger the overflow, causing image processing to fail and producing a denial-of-service condition. The vulnerability only affects 32-bit builds of ImageMagick where the default resource limits for image dimensions have been manually increased.
Exploitation of this vulnerability causes the ImageMagick process to crash, leading to a denial-of-service condition. This can disrupt services that rely on ImageMagick for image processing, such as web applications or content delivery networks that generate thumbnails.
The vulnerability can be reproduced by using a 32-bit build of ImageMagick that has been compiled with AddressSanitizer enabled. After increasing the default resource limits for width, height, and area, the vulnerability can be triggered by processing a specially crafted BMP file that exploits the integer overflow in the BMP decoder.
Users can upgrade to ImageMagick versions 7.1.2-7 or 6.9.13-32, where this vulnerability has been patched.
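The wrap described above, next to an overflow-checked form, as an added example that is not ImageMagick's own code. The function names are hypothetical, `uint32_t` stands in for a 32-bit `size_t`, the row padding to 4 bytes is the standard BMP layout, and the sample dimensions are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked product, as on a 32-bit build: the result wraps modulo 2^32. */
static uint32_t row_bits_unchecked(uint32_t columns, uint32_t bits_per_pixel)
{
    return (uint32_t)(columns * bits_per_pixel);
}

/*
 * Checked BMP row stride: rows are padded to a multiple of 4 bytes, so
 * stride = 4 * ((columns * bpp + 31) / 32). The header values are rejected
 * before multiplying if the bit count (plus padding) cannot fit in 32 bits.
 */
static bool bmp_stride_checked(uint32_t columns, uint32_t bits_per_pixel,
                               uint32_t *stride)
{
    if (columns == 0 || bits_per_pixel == 0)
        return false;                       /* degenerate header values */
    if (columns > (UINT32_MAX - 31u) / bits_per_pixel)
        return false;                       /* columns * bpp + 31 would wrap */
    uint32_t bits = columns * bits_per_pixel;
    *stride = 4u * ((bits + 31u) / 32u);    /* cannot overflow after the check */
    return true;
}

int main(void)
{
    /* Constructed header values: one ordinary, one that wraps on 32 bits. */
    const uint32_t samples[][2] = { {640u, 24u}, {134217728u, 32u} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t stride = 0;
        bool ok = bmp_stride_checked(samples[i][0], samples[i][1], &stride);
        printf("columns=%u bpp=%u unchecked_bits=%u -> %s",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               (unsigned)row_bits_unchecked(samples[i][0], samples[i][1]),
               ok ? "accepted" : "rejected\n");
        if (ok)
            printf(" stride=%u\n", (unsigned)stride);
    }
    return 0;
}
```

Rejecting the header before the multiplication keeps a zero or truncated row size from reaching any later allocation or read loop.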