ImageMagick
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*
- >= 7.0.1-0
- ~6.9
A use-after-free vulnerability has been identified in ImageMagick's Magick++ layer, affecting versions prior to 7.1.2-9 and 6.9.13-34. The issue arises when the Options::fontFamily method is called with an empty string, leading to a double-free condition. This occurs because the font family option is cleared by freeing the font string, but the draw information still points to the now-freed memory. Subsequent operations that clean up or reuse the font information can inadvertently free or dereference this dangling pointer, causing crashes or heap corruption.
Exploitation of this vulnerability leads to a use-after-free condition, where memory that has been freed is still accessible, potentially allowing for arbitrary code execution or causing a program crash. Additionally, the vulnerability introduces a double-free scenario, where the same memory is freed multiple times, causing allocator errors.
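A simplified C model of the failure mode described above, added here as an illustration and not taken from ImageMagick's source or its fix. A quarantining allocator marks freed blocks dead instead of releasing them, so the second free is counted rather than executed. The struct, the function names, the allocator, and the assumption that the freed string and the member that gets reset are different members are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quarantining allocator: a freed block is only marked dead (released at the
   end of the run), so a repeated free is counted instead of corrupting the heap. */
#define SLOTS 4
static struct { char *p; int live; } slot[SLOTS];
static int nslots, double_frees;

static char *t_strdup(const char *s) {
    char *p = (nslots < SLOTS) ? malloc(strlen(s) + 1) : NULL;
    if (!p) return NULL;
    strcpy(p, s);
    slot[nslots].p = p;
    slot[nslots++].live = 1;
    return p;
}
static void t_free(char *p) {
    for (int i = 0; p && i < nslots; i++)
        if (slot[i].p == p) {
            if (slot[i].live) slot[i].live = 0; else double_frees++;
            return;
        }
}
/* Hypothetical stand-in for the draw information; not ImageMagick's struct. */
struct draw_model { char *font, *family; };

/* Modelled bug: the empty-string path frees the font string but resets only
   `family`, so `font` keeps the stale address (and `family` is never freed). */
static void clear_family_vulnerable(struct draw_model *d) { t_free(d->font); d->family = NULL; }
/* Hardened form: free the member being cleared and null that same member. */
static void clear_family_hardened(struct draw_model *d) { t_free(d->family); d->family = NULL; }

/* Later cleanup frees whatever the struct still points to. */
static void destroy(struct draw_model *d) { t_free(d->font); t_free(d->family); d->font = d->family = NULL; }

/* Runs set -> clear -> destroy; returns how many double frees were detected. */
int run(int hardened) {
    nslots = double_frees = 0;
    struct draw_model d = { t_strdup("constructed.ttf"), t_strdup("Constructed Family") };
    if (hardened) clear_family_hardened(&d); else clear_family_vulnerable(&d);
    destroy(&d);
    for (int i = 0; i < nslots; i++) free(slot[i].p);  /* empty the quarantine */
    return double_frees;
}
int main(void) {
    printf("vulnerable: %d double free(s), hardened: %d\n", run(0), run(1));
    return 0;
}
```

In a real build the same set, clear, destroy sequence would be exercised under AddressSanitizer, which reports the second free directly.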
Users can update to ImageMagick versions 7.1.2-9 or 6.9.13-34, where this vulnerability has been fixed.