Source: imagemagick Version: 8:6.9.7.4+dfsg-13 Severity: important Tags: security upstream X-Debbugs-CC: t...@security.debian.org control: found -1 8:6.8.9.9-5+deb8u8 control: found -1 8:6.8.9.9-5+deb8u9 control: found -1 8:6.7.7.10-5+deb7u14 control: found -1 8:6.7.7.10-5+deb9u1 forwarded: https://github.com/ImageMagick/ImageMagick/issues/596
It appears to still be an issue with https://www.imagemagick.org/download/beta/ImageMagick-6.9.9-1~beta20170721.tar.xz. If you try to read an image whose width exactly matches MAGICK_WIDTH_LIMIT, ImageMagick returns a "width or height exceeds limit" error, as expected. However, the next time you try to read a png, it gets permanently stuck in LockSemaphoreInfo - I'm assuming that the first time failed to unlock it. I'm able to reproduce it with this code: #include <stdio.h> #include <string.h> #include "magick/MagickCore.h" #include "magick/magick-config.h" void PrintImage(char* filename) { ImageInfo* info = CloneImageInfo((ImageInfo *) NULL); strcpy(info->filename, filename); SetImageInfoFile(info, NULL); ExceptionInfo *exception = AcquireExceptionInfo(); printf("Attempt to read %s\n", filename); Image* image = ReadImage(info, exception); printf("%s: %s %s\n", info->filename, exception->reason, exception->description); if (image) { printf("%ix%i\n", image->columns, image->rows); DestroyImage(image); } DestroyExceptionInfo(exception); DestroyImageInfo(info); } int main(int argc, char *argv[]) { if (argc < 2) { printf("specify a filename to read\n"); return 1; } MagickCoreGenesis(*argv,MagickTrue); PrintImage(argv[1]); PrintImage(argv[1]); return 0; } by passing it the path to a png file, with MAGICK_WIDTH_LIMIT set to the exact width of that png.