VYPR
Unrated severity · NVD Advisory · Published Jan 2, 2018 · Updated Aug 5, 2024

CVE-2017-1000445

Description

ImageMagick 7.0.7-1 and earlier are vulnerable to a null pointer dereference in SketchImage, leading to denial of service on crafted images.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

ImageMagick versions 7.0.7-1 and earlier are vulnerable to a null pointer dereference in the MagickCore component, specifically in the SketchImage function within MagickCore/fx.c. The flaw occurs when AcquireRandomInfoThreadSet returns NULL due to a failed memory allocation, and the code later dereferences the random_info pointer without a NULL check. This issue also exists in the latest development branch at the time of disclosure. The vulnerability is triggered when a user or automated system processes a specially crafted image file [1][2].

Exploitation

An attacker can exploit this vulnerability by crafting a malformed image file that causes a memory allocation failure during processing. No authentication is required; the attacker only needs to trick a user or an automated system into opening the image with ImageMagick. The vulnerable code path involves the AcquireRandomInfoThreadSet call returning NULL, followed by unconditional dereferences such as GetRandomSecretKey(random_info[0]), leading to a null pointer dereference and subsequent crash [2].
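
The pattern described in the two sections above, as an added C example that is not ImageMagick's code or its actual fix: a simplified model in which a per-thread state allocator can return NULL, with an unguarded caller next to a guarded one. All names (`RngState`, `AllocFn`, `failing_alloc`, `acquire_rng_set`, `release_rng_set`, `sketch_unchecked`, `sketch_checked`) are hypothetical, and the failing allocator is constructed to simulate memory exhaustion.

```c
#include <stdlib.h>

/* Simplified model of the pattern; every name here is hypothetical. */
typedef struct { unsigned long secret_key; } RngState;
typedef void *(*AllocFn)(size_t);

/* Constructed allocator that always fails (stands in for exhaustion). */
void *failing_alloc(size_t size) { (void) size; return NULL; }

void release_rng_set(RngState **set, size_t threads) {
  for (size_t i = 0; i < threads; i++) free(set[i]);
  free(set);
}

/* One state per thread; returns NULL if any allocation fails. */
RngState **acquire_rng_set(size_t threads, AllocFn alloc) {
  RngState **set = threads ? alloc(threads * sizeof(*set)) : NULL;
  for (size_t i = 0; set != NULL && i < threads; i++) {
    if ((set[i] = alloc(sizeof(**set))) == NULL) {
      release_rng_set(set, i);           /* free the i states built so far */
      return NULL;
    }
    set[i]->secret_key = 0x1234UL + i;   /* constructed value */
  }
  return set;
}

/* Unguarded caller: dereferences the set without checking it. */
int sketch_unchecked(size_t threads, AllocFn alloc, unsigned long *key) {
  RngState **rng = acquire_rng_set(threads, alloc);
  *key = rng[0]->secret_key;             /* NULL dereference on failure */
  release_rng_set(rng, threads);
  return 0;
}

/* Guarded caller: reports the failure instead of dereferencing. */
int sketch_checked(size_t threads, AllocFn alloc, unsigned long *key) {
  RngState **rng = acquire_rng_set(threads, alloc);
  if (rng == NULL) return -1;            /* propagate allocation failure */
  *key = rng[0]->secret_key;
  release_rng_set(rng, threads);
  return 0;
}

int main(void) {
  unsigned long key = 0;
  if (sketch_unchecked(4, malloc, &key) != 0) return 1;  /* fine while memory is available */
  return sketch_checked(4, failing_alloc, &key) == -1 ? 0 : 1;
}
```

Calling `sketch_unchecked` with `failing_alloc` crashes the process, which is the denial-of-service condition the advisory describes; `sketch_checked` returns an error the caller can handle.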

Impact

Successful exploitation results in a null pointer dereference, causing a denial of service (DoS). The application processing the image may crash. Additionally, the Ubuntu security advisory notes that the same class of malformed image files could potentially lead to arbitrary code execution with the privileges of the user invoking the program, though the specific CVE-2017-1000445 is primarily associated with the DoS via null pointer dereference [1][2].

Mitigation

The issue is addressed in ImageMagick version 7.0.7-2 and later. Ubuntu released a fix in USN-3681-1, updating packages to version 8:6.9.7.4+dfsg-16ubuntu6.7 (for Ubuntu 18.04 LTS) and similar version bumps for other releases. Users should update their ImageMagick installation via their package manager or by building from source [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

15

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

6
