Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 22 Sep 2017 06:57:48 +0000
From: "Agostino Sarubbo" <>
To: "" <>
Subject: graphicsmagick: assertion failure in pixel_cache.c

graphicsmagick is a collection of tools and libraries for many image formats.

The complete output of the issue:

# gm convert $FILE null
gm: magick/pixel_cache.c:1089: const PixelPacket AcquireImagePixels(const Image , const long, const long, const unsigned long, const unsigned long, ExceptionInfo ): Assertion `image != (Image ) NULL' 

Affected version:
1.3.25, 1.3.26 and maybe past releases

Fixed version:

Commit fix:

This bug was discovered by Agostino Sarubbo of Gentoo.



2017-08-12: bug discovered and reported to upstream privately
2017-08-16: bug reported to the public upstream bugtracker
2017-08-29: upstream released a fix
2017-09-19: blog post about the issue
2017-09-21: CVE assigned

This bug was found with American Fuzzy Lop.
This bug was identified with bare metal servers donated by Packet. This work is also supported by the Core Infrastructure Initiative.


Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.