Possible security limitation IM 6.9.4.2 and 7.0.1.4 Q16 Mac OSX

Post by fmw42 » 2016-05-23T16:37:25-07:00

On older systems (6.9.3.7), I can create a textfile and convert it to raster image by

Code:

im6937 convert text.txt test.gif

or

Code:

cat text.txt |\
im6937 convert text:- test.gif

and it works fine.

But on current IM, I get error messages

Code:

convert text.txt test.gif
convert: improper image header `text.txt' @ error/txt.c/ReadTXTImage/440.
convert: no images defined `text.jpg' @ error/convert.c/ConvertImageCommand/3257.

Code:

cat text.txt |\
convert text:- test.gif
Assertion failed: (exception != (ExceptionInfo *) NULL), function ReadTEXTImage, file coders/txt.c, line 197.
Abort trap

Are these related to the new policy.xml security fixes?

Post by magick » 2016-05-24T04:38:18-07:00

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

Post by fmw42 » 2016-05-30T16:22:14-07:00

Still seems to be a problem using IM 6.9.4.5 Q16 and IM 7.0.1.7 Q16

Code:

cat text.txt
testing

This fails:

Code:

convert text.txt text.gif
convert: improper image header `text.txt' @ error/txt.c/ReadTXTImage/443.
convert: no images defined `text.gif' @ error/convert.c/ConvertImageCommand/3257.

This works:

Code:

cat text.txt |\
convert text:- text.gif

Post by magick » 2016-05-31T03:44:08-07:00

Try

  • convert text:text.txt text.gif

The change was part of our review of ImageMagick to make it more secure. The MVG, MSL, and text coders now must be explicit (e.g. mvg:image.mvg).

Post by fmw42 » 2016-05-31T09:27:30-07:00

Just to be clear, my error was about

Code:

convert text.txt text.gif

Not

Code:

convert text:text.txt text.gif

So I had no colon :

Is reading a simple text file textfile.txt as input considered the equivalent of text:textfile.txt?

Post by magick » 2016-05-31T09:44:32-07:00

To read a text file you need an explicit modifier (text:input.txt). Otherwise ImageMagick assumes it's pixels in the TXT format, e.g. convert logo: logo.txt.

Post by fmw42 » 2016-05-31T09:58:33-07:00

Thanks. But this works,

Code:

im6937 convert text.txt text.gif

So do I assume that for the new security issues, one can no longer do that directly and now must add the text: (with colon prefix)?

Code:

convert text:text.txt text.gif

Post by magick » 2016-05-31T16:24:55-07:00

Correct.
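
The distinction settled in this thread, as an added example that is not part of any post: a shell helper (the name `im_txt_input` is hypothetical) that picks the input spec for a `.txt` file, bare when its first line carries the TXT pixel header and `text:`-prefixed otherwise. The header string is the one ImageMagick writes at the top of TXT output such as `convert logo: logo.txt`; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. im_txt_input is a hypothetical name.

# First line of a file written in ImageMagick's TXT pixel format.
TXT_MAGIC='# ImageMagick pixel enumeration:'

# Print the input spec to pass to convert for a .txt file:
#   bare name   -> file is TXT pixel data (what a bare .txt now means)
#   text:name   -> file is ordinary text to be rendered as an image
# Returns 2 if the file cannot be read.
im_txt_input() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "im_txt_input: cannot read $f" >&2
        return 2
    fi
    first=
    # read fails on a last line without a newline but still fills $first
    IFS= read -r first < "$f" || :
    case $first in
        "$TXT_MAGIC"*) printf '%s\n' "$f" ;;
        *)             printf 'text:%s\n' "$f" ;;
    esac
}

# Constructed sample inputs: one prose file, one pixel-enumeration file.
demo_dir=$(mktemp -d)
printf 'testing\n' > "$demo_dir/text.txt"
printf '%s\n' "$TXT_MAGIC 1,1,255,srgb" \
    '0,0: (255,255,255)  #FFFFFF  white' > "$demo_dir/pixels.txt"

# Show the command line each file needs; nothing is executed.
for sample in "$demo_dir/text.txt" "$demo_dir/pixels.txt"; do
    echo "convert $(im_txt_input "$sample") out.gif"
done
rm -rf "$demo_dir"
```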