ImageMagick Stack Overflow Vulnerability Due to Circular Reference Mismanagement in MSL Processing

A stack overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. The issue arises because the software fails to properly check for circular references between two MSL (Magick Scripting Language) files, leading to a stack overflow condition. This vulnerability can be exploited by creating MSL files that reference each other circularly, causing the application to enter a recursive loop that eventually leads to a stack overflow.

Impact

Exploitation of this vulnerability causes a stack overflow, which can potentially be leveraged to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Reproduction

To reproduce this vulnerability, create two MSL files that reference each other in a circular manner. Then, use ImageMagick to read the first MSL file. The application will process the MSL script, leading to a stack overflow condition. This can be verified by using a tool like AddressSanitizer, which will report the stack overflow error.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40, both of which contain the necessary patch to address this vulnerability.