Legacy ImageMagick Discussions Archive

System: Unbuntu 10.4
Version: libmagick++5 8:6.7.7.10-ubuntu2

The following image:
http://titania.create3000.de/fileadmin/ ... /metal.gif
causes a crash in Magick::readImages.

The image data is read in a std::string and passed to this function:

Magick::Image
Texture::getImage (const std::string & data)
{
std::list <Magick::Image> images;
Magick::readImages (&images, Magick::Blob (data .c_str (), data .length ()));
...
}

A backtrace give the following output:

*** Error in `/home/holger/Projekte/Titania/Titania/.libs/lt-titania': double free or corruption (!prev): 0x00002aaae80d2290 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x80a46)[0x2aaaaf564a46]
/usr/lib/x86_64-linux-gnu/libMagickCore.so.5(RelinquishMagickMemory+0xf)[0x2aaaad0c4aaf]
/usr/lib/x86_64-linux-gnu/ImageMagick-6.7.7/modules-Q16/coders/gif.so(+0x261a)[0x2aaaf10a861a]
/usr/lib/x86_64-linux-gnu/libMagickCore.so.5(ReadImage+0x192)[0x2aaaad01f4b2]
/usr/lib/x86_64-linux-gnu/libMagickCore.so.5(BlobToImage+0x1d7)[0x2aaaacfeb787]
/home/holger/Projekte/Titania/libtitania-x3d/.libs/libtitania-x3d.so.0(_ZN7titania3X3D7Texture8getImageERKSs+0x6e)[0x2aaaae04593e]

It is a old image: the last date I can get is the 22-Jun-1996 16:41.

There is another image with the same error from 22-Jun-1996 17:10:

http://titania.create3000.de/fileadmin/ ... /water.gif

I am unable to reproduce this with the latest version of ImageMagick. Can you try to see if that will fix your problem?

Is secuurity bug CVE-2013-4298. Please do an anouncement

See viewtopic.php?f=4&t=24081.