|
Message-ID: <20181123141630.dvpucbyue22ecqed@suse.de> Date: Fri, 23 Nov 2018 15:16:30 +0100 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Subject: Re: Crashes and memory safety bugs in dcraw On Fri, Nov 23, 2018 at 09:22:17AM +0100, Hanno Böck wrote: > Hi, > > dcraw is a tool to process raw images from digital cameras. > It easily crashes with various issues (tested version 9.28.0). This was > very shallow testing (afl fuzzing with random inputs, not starting with > valid images), I assume there's much more. I reported those a long time > ago to its author, he didn't seem interested in fixing such issues. > > Some applications use dcraw automatically to parse images (gthumb, > kphotoalbum, kde thumbnailers, gwenview). > > Input samples are base64. One thing to look at replacement of dcraw is probably libraw, which is more active. (It used the dcraw sources originally.) Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.