Message-ID: <7982464.2MyO2TlKBG@arcadia>
Date: Tue, 22 Nov 2016 17:53:52 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: metapixel: multiple assertion failures

Description:
metapixel is a program for generating photomosaics.

Fuzzing metapixel-imagesize revealed multiple assertion failures. The latest upstream release was about ten years ago, so I didn’t make any report. The bugs do not reside in any shared object which isn’t provided by the package. If you have a web application which relies on the metapixel-imagesize binary, then you are affected. Since the crashes reside in the command line tool, they may not warrant a CVE at all, but some distros and packagers would have the bugs fixed in their repository, so I’m sharing them.

Affected version:
1.0.2

Output/failure:
metapixel-imagesize: rwgif.c:59: void *open_gif_file(const char *, int *, int *): Assertion `data->file !=0' failed.

Commit fix:
N/A

Fixed version:
N/A

Testcase:
https://github.com/asarubbo/poc/blob/master/00059-metapixel-assert-open_gif_file-1

##########################################

Affected version:
1.0.2

Output/failure:
metapixel-imagesize: rwgif.c:63: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetRecordType(data->file, &record_type) != 0' failed.

Commit fix:
N/A

Fixed version:
N/A

Testcase:
https://github.com/asarubbo/poc/blob/master/00060-metapixel-assert-open_gif_file-2

##########################################

Affected version:
1.0.2

Output/failure:
metapixel-imagesize: rwgif.c:68: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetImageDesc(data->file) != 0' failed.

Commit fix:
N/A

Fixed version:
N/A

Testcase:
https://github.com/asarubbo/poc/blob/master/00061-metapixel-assert-open_gif_file-3

##########################################

Affected version:
1.0.2

Output/failure:
metapixel-imagesize: rwgif.c:102: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetExtension(data->file, &ext_code, &ext) != 0' failed.

Commit fix:
N/A

Fixed version:
N/A

Testcase:
https://github.com/asarubbo/poc/blob/master/00062-metapixel-assert-open_gif_file-4

##########################################

Affected version:
1.0.2

Output/failure:
metapixel-imagesize: rwgif.c:106: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetExtensionNext(data->file, &ext) != 0' failed.

Commit fix:
N/A

Fixed version:
N/A

Testcase:
https://github.com/asarubbo/poc/blob/master/00063-metapixel-assert-open_gif_file-5

Credit:
These bugs were discovered by Agostino Sarubbo of Gentoo.

Timeline:
2016-11-22: bugs discovered
2016-11-22: blog post about the issues

Note:
These bugs were found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2016/11/22/metapixel-multiple-assertion-failures

--
Agostino Sarubbo
Gentoo Linux Developer
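
The five failures above all come from assert() being applied to the result of parsing an untrusted file. As an added example (not metapixel's code and not part of the original message), the sketch below reads GIF dimensions and turns each failing step (open, record type, image descriptor, extension, extension sub-blocks) into a return code. It does not use giflib; the names gif_image_size, skip_sub_blocks and enum gif_status are hypothetical, and reporting the first image descriptor's size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum gif_status { GIF_OK, GIF_TRUNCATED, GIF_BAD_SIGNATURE, GIF_NO_IMAGE };

/* Skip data sub-blocks: a length byte plus payload, repeated until a zero length. */
static int skip_sub_blocks(const uint8_t *buf, size_t len, size_t *pos) {
    while (*pos < len) {
        size_t n = buf[(*pos)++];
        if (n == 0) return 0;
        if (len - *pos < n) return -1;           /* payload runs past the buffer */
        *pos += n;
    }
    return -1;                                   /* ran out before the terminator */
}

/* Width/height of the first image descriptor; every malformed case is a return code. */
enum gif_status gif_image_size(const uint8_t *buf, size_t len, int *w, int *h) {
    if (len < 13) return GIF_TRUNCATED;          /* header + logical screen descriptor */
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return GIF_BAD_SIGNATURE;
    size_t pos = 13;
    if (buf[10] & 0x80) {                        /* global color table follows */
        size_t gct = (size_t)3 << ((buf[10] & 0x07) + 1);
        if (len - pos < gct) return GIF_TRUNCATED;
        pos += gct;
    }
    while (pos < len) {
        uint8_t tag = buf[pos++];
        if (tag == 0x2C) {                       /* image descriptor: 9 bytes */
            if (len - pos < 9) return GIF_TRUNCATED;
            *w = buf[pos + 4] | (buf[pos + 5] << 8);
            *h = buf[pos + 6] | (buf[pos + 7] << 8);
            return GIF_OK;
        }
        if (tag != 0x21) return GIF_NO_IMAGE;    /* trailer or unknown record */
        if (pos >= len) return GIF_TRUNCATED;    /* extension label missing */
        pos++;
        if (skip_sub_blocks(buf, len, &pos) != 0) return GIF_TRUNCATED;
    }
    return GIF_TRUNCATED;                        /* file ended before any image */
}

int main(void) {
    /* Constructed input: valid header, then the file ends before any record. */
    const uint8_t cut[] = { 'G','I','F','8','9','a', 1,0, 1,0, 0, 0, 0 };
    int w, h;
    return gif_image_size(cut, sizeof cut, &w, &h) == GIF_TRUNCATED ? 0 : 1;
}
```

A caller such as a web application can map a non-GIF_OK status to a rejected upload, where an assertion would abort the process instead.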