ImageMagick Denial-of-Service Vulnerability in CLAHE Function

A denial-of-service vulnerability has been identified in ImageMagick versions prior to 7.1.2-8. The issue arises in the CLAHEImage function, where unsigned integer underflow and division-by-zero errors can lead to out-of-bounds memory access and process crashes. When the tile width or height is zero, pointer arithmetic underflows occur, causing memory corruption or resource exhaustion. This vulnerability can be exploited by processing small images or using specific command-line options.

Impact

Exploitation of this vulnerability causes the ImageMagick process to crash or leads to sustained resource exhaustion, particularly memory and cache thrashing. This behavior can disrupt services relying on ImageMagick for image processing. Additionally, the out-of-bounds memory accesses could potentially be exploited to corrupt memory, although this has not been demonstrated in practice.

Reproduction

The vulnerability can be reproduced by using the ImageMagick command-line tool with the 'CLAHE' option set to '0x0', which triggers the unsigned underflow and division-by-zero errors. This can be done with images as small as 16x2 pixels, or by uploading tiny images to services that use ImageMagick.

Remediation

Users should update to ImageMagick version 7.1.2-8, where this vulnerability has been patched.