Hi, in this article we’ll talk about ImageMagick vulnerabilities.
PoC generator for CVE-2018-16323 (memory leakage via XBM images in ImageMagick)
What is ImageMagick? From imagemagick.org:
Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.
This is a very rich library for processing images. If you google “how to resize a picture in php” or “how to crop an image”, then most likely you will find advice on how to use ImageMagick. This library has long had security problems. And today we will look at a fresh vulnerability and recall some old ones.
Part 1 — Yet another memory leak
For the past two years, vulnerabilities in the ImageMagick libraries have appeared almost every month. Fortunately, many of them are DoS issues that are not exploitable in practice and pose no serious security problem. But recently we noticed an interesting one, CVE-2018-16323.
Sounds easy! But we didn't find any information about an exploit for this vulnerability.
Look at the commit referenced by the CVE:
“XBM coder leaves the hex image data uninitialized if hex value of the pixel is negative“
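The commit message above describes the failure mode: a pixel token that does not parse as a non-negative hex byte is skipped, and the destination byte keeps whatever the allocation already held. As an added example (not ImageMagick's code and not the article's PoC generator), here is a strict XBM reader in C that treats such a token as an error and zero-fills its buffer before parsing; the two sample images and the `t_` identifier names are constructed for this demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed inputs: a valid 8x2 XBM and one whose second pixel token is not hex. */
const char GOOD_XBM[] = "#define t_width 8\n#define t_height 2\n"
                        "static unsigned char t_bits[] = {\n   0x81, 0x7e };\n";
const char BAD_XBM[]  = "#define t_width 8\n#define t_height 2\n"
                        "static unsigned char t_bits[] = {\n   0x81, 0xzz };\n";

/* Strict XBM reader: fills out[] completely and returns the pixel-byte count,
 * or -1 on a malformed header/token. A bad token is an error, never a skipped
 * (uninitialized) byte as in the vulnerable coder. */
int parse_xbm(const char *text, unsigned char *out, size_t out_len, int *w, int *h)
{
    const char *wp = strstr(text, "_width "), *hp = strstr(text, "_height ");
    const char *bp = strchr(text, '{'), *ep = bp ? strchr(bp, '}') : NULL;
    if (!wp || !hp || !bp || !ep) return -1;
    *w = atoi(wp + 7);
    *h = atoi(hp + 8);
    if (*w <= 0 || *h <= 0) return -1;
    size_t need = (size_t)((*w + 7) / 8) * (size_t)*h;   /* row bytes * rows */
    if (need > out_len) return -1;
    memset(out, 0, out_len);                              /* nothing stays uninitialized */
    size_t n = 0;
    for (const char *p = bp + 1; p < ep; ) {
        while (p < ep && (isspace((unsigned char)*p) || *p == ',')) p++;
        if (p >= ep) break;
        if (n == need) return -1;                         /* more tokens than width*height */
        if (p[0] != '0' || (p[1] != 'x' && p[1] != 'X')) return -1;
        char *end;
        long v = strtol(p, &end, 16);                     /* expect "0x" + 1..2 hex digits */
        if (end - p < 3 || end - p > 4 || v > 255) return -1;
        if (end < ep && !isspace((unsigned char)*end) && *end != ',') return -1;
        out[n++] = (unsigned char)v;
        p = end;
    }
    return n == need ? (int)n : -1;                       /* too few tokens is also an error */
}

/* Wrapper used by the demo and tests: byte count, or -1 if the image is rejected. */
int xbm_check(const char *text)
{
    unsigned char buf[64]; int w, h;
    return parse_xbm(text, buf, sizeof buf, &w, &h);
}

int main(void)
{
    printf("good: %d, bad: %d\n", xbm_check(GOOD_XBM), xbm_check(BAD_XBM));  /* good: 2, bad: -1 */
}
```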
Hmm... Let's explore the XBM file format. A common XBM image looks like this: