Message-ID: <b31ce992-8cb7-15c7-397f-7408bb459027@redhat.com>
Date: Thu, 20 Apr 2017 16:26:16 +0200
From: Andrej Nemec <anemec@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc

Hello folks,

While going through our assigned CVEs it was found that this one was
allocated but never reported by the original researcher to the public
list. I am going to list as much information as possible below. Credits
for the findings go to "Meifang, Yang @VARAS of IIE". I advised the
researcher to report this issue upstream; however, it seems the
communication failed.

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL
pointer dereference issue due to a missing check of the return value of
the malloc function in the BPG encoder. This vulnerability appeared while
converting a malicious JPEG file to BPG.

The problem seems to be line 717 in the function image_alloc. Due to the
missing check, the value of img->data[i] could be NULL and crash the program.

Unfortunately, I don't have access to the reproducer.

Best Regards,

--
Andrej Nemec, Red Hat Product Security
3701 3214 E472 A9C3 EFBE 8A63 8904 44A1 D57B 6DDA
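
An added example, not part of the original message and not libbpg code: a per-plane image allocator that checks every allocation result before the buffer is used and unwinds on failure, which is the class of check the report describes as missing. DemoImage, demo_image_alloc, demo_image_free and the injectable allocator demo_fail_second are hypothetical names constructed for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DEMO_MAX_PLANES 4
typedef void *(*demo_alloc_fn)(size_t); /* must return free()-compatible memory */

/* Hypothetical image type for this example; not libbpg's structure. */
typedef struct {
    uint8_t *data[DEMO_MAX_PLANES];
} DemoImage;

void demo_image_free(DemoImage *img) {
    if (!img) return;
    for (int i = 0; i < DEMO_MAX_PLANES; i++)
        free(img->data[i]); /* free(NULL) is a no-op */
    free(img);
}

/* Returns NULL on bad dimensions, size overflow or any failed allocation. */
DemoImage *demo_image_alloc(int w, int h, int planes, demo_alloc_fn alloc) {
    if (w <= 0 || h <= 0 || planes <= 0 || planes > DEMO_MAX_PLANES)
        return NULL;
    if ((size_t)w > SIZE_MAX / (size_t)h) /* w * h would wrap around */
        return NULL;
    size_t plane_size = (size_t)w * (size_t)h;
    DemoImage *img = calloc(1, sizeof(*img)); /* unused planes stay NULL */
    if (!img) return NULL;
    for (int i = 0; i < planes; i++) {
        img->data[i] = alloc(plane_size);
        if (!img->data[i]) {      /* the kind of check the report says is missing */
            demo_image_free(img); /* release planes allocated so far */
            return NULL;
        }
        memset(img->data[i], 0, plane_size); /* constructed use; pointer is verified */
    }
    return img;
}

/* Constructed allocator: fails on the second call, like an exhausted heap. */
static int demo_calls;
void *demo_fail_second(size_t n) { return (++demo_calls == 2) ? NULL : malloc(n); }

int main(void) {
    DemoImage *img = demo_image_alloc(8, 4, 3, demo_fail_second);
    printf("alloc with failing plane: %s\n", img ? "image" : "NULL (handled)");
    demo_image_free(img);
    return 0;
}
```

Callers must treat a NULL return as a conversion error instead of touching the image; injecting a failing allocator as shown is one way to exercise that path in tests.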