Imagemagick 6.3.7.9 and PSD file denial of service

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
ricardo

Imagemagick 6.3.7.9 and PSD file denial of service

Post by ricardo »

Hi guys,

I'm running Debian Etch with a backported Imagemagick version (6.3.7.9.dfsg1-2). Basically I'm writing this post because I have a big problem with this version. In my project I'm using identify to detect the image format, and, if it's JPEG, GIF or PNG, convert it and store, and if not, reject it. Basically my dedicated image processors are having problems with this detection, having a very strange behaviour. When I execute the identify over the image, identify start to write to /tmp/magick-xxxx.tmp a file until no space left of device. The server finally run out of space and start to fail. I discover that using strace.

The problem is absolutelly reploducible with a PSD image (Main layer with a image, and two layers, one with a line and other one empty). I can't provide you the image because it's a user image with personal information. Making some test I discovered that using -ping parameter the identify works fine. The output of that:

IMAGE PSD 300x400 300x400+0+0 DirectClass 8-bit 718.738kb

My versions are:
imagemagick 6.3.7.9.dfsg1-2
libmagick++10 6.3.7.9.dfsg1-2
libmagick10 6.3.7.9.dfsg1-2


I was searching in the forum about that, but I don't find anything about this version and this error, like a vulnerability, or whatever.

Thanks,
User avatar
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: Imagemagick 6.3.7.9 and PSD file denial of service

Post by magick »

Instead of
  • identify image.psd
use
  • identify 'image.pdf[0]'
that only returns the first layer of the image instead of all the layers. Otherwise, to allow ImageMagick to do its work you can point it to a path that has plenty of free space:
  • export MAGICK_TMPDIR=/data/
Or limit the resources consumed by ImageMagick:
  • identify -limit memory 32 -limit map 64 -list disk 1gb myimage.png
Here the program exits if more than 1gb of disk is consumed.

Consider the Q8 version of ImageMagick which consumes 1/2 the memory than the normal Q16 version.
ricardo

Re: Imagemagick 6.3.7.9 and PSD file denial of service

Post by ricardo »

Thanks for your quickly response. I will review the code.

Regards,
Post Reply