oss-sec mailing list archives

graphicsmagick: assertion failure in pixel_cache.c


From: "Agostino Sarubbo" <ago () gentoo org>
Date: Fri, 22 Sep 2017 06:57:48 +0000

Description:
graphicsmagick is a collection of tools and libraries for many image formats.

The complete output of the issue:

# gm convert $FILE null
gm: magick/pixel_cache.c:1089: const PixelPacket *AcquireImagePixels(const Image *, const long, const long, const unsigned long, const unsigned long, ExceptionInfo *): Assertion `image != (Image *) NULL' failed.

Affected version:
1.3.25, 1.3.26 and possibly earlier releases

Fixed version:
N/A

Commit fix:
http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2017-14649

Reproducer:
https://github.com/asarubbo/poc/blob/master/00366-graphicsmagick_assertionfailure_pixel_cache_c

Timeline:
2017-08-12: bug discovered and reported to upstream privately
2017-08-16: bug reported to the public upstream bugtracker
2017-08-29: upstream released a fix
2017-09-19: blog post about the issue
2017-09-21: CVE assigned

Note:
This bug was found with American Fuzzy Lop.
This bug was identified with bare metal servers donated by Packet. This work is also supported by the Core Infrastructure Initiative.

Permalink:
https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c

--
Agostino Sarubbo
Gentoo Linux Developer
