oss-security - Re: Heapoverflow in giflib5.1.4

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20160913215303.56ec6504@hboeck.de>
Date: Tue, 13 Sep 2016 21:53:03 +0200
From: Hanno Böck <hanno@...eck.de>
To: Seth Arnold <seth.arnold@...onical.com>
Cc: "vul@...safe" <vul@...safe.com>, oss-security@...ts.openwall.com
Subject: Re: Heapoverflow in giflib5.1.4

On Tue, 13 Sep 2016 12:24:23 -0700
Seth Arnold <seth.arnold@...onical.com> wrote:

> Hanno, can you still reproduce this issue? I followed your excellent
> reproducer script and I don't get any ASAN warnings. If you still get
> ASAN warnings this may indicate the source of the confusion.

Ok, interesting:
I can't reproduce it any more with my poc or the poc from bug 102 with
the git code.

I can however easily generate another sample that causes the same bug.
See attachment.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Download attachment "gif2rgb-oob-new.gif" of type "image/gif" (42 bytes)

Content of type "application/pgp-signature" skipped

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.