oss-sec mailing list archives

LZW decompression issues

From: Tomas Hoger <thoger () redhat com>
Date: Wed, 10 Aug 2011 20:22:20 +0200

Hi!

We've recently came across an issue in commonly re-used LZW
decompression implementations - original BSD compress and GIF reader
written by David Koblas.  Due to an insufficient input checking, invalid
LZW stream can create a loop in the decompression table, leading to the
decompression stack buffer overflow.

Following bugzillas list various code bases that were checked for the
issue and if they are affected or not:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2895
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896

Many code bases are unaffected as the problem was fixed in the past,
so this is probably like N-th re-discovery of the issue.  Some previous
fixes were called security (CVE-2006-1168), some were not.  The problem
may not be security relevant, or have much security impact in all
currently affected code bases, though please mail the list if you come
across any other affected code base that is not already mentioned and
that may be worth fixing.

-- 
Tomas Hoger / Red Hat Security Response Team

Current thread:

LZW decompression issues Tomas Hoger (Aug 10)
- Re: LZW decompression issues Solar Designer (Sep 28)
  - Re: LZW decompression issues Solar Designer (Sep 28)
  - Re: LZW decompression issues Colin Percival (Sep 28)
  - Re: LZW decompression issues Tomas Hoger (Sep 28)
    - Re: LZW decompression issues Solar Designer (Sep 28)
  - Re: LZW decompression issues Tavis Ormandy (Sep 28)
    - Re: LZW decompression issues Solar Designer (Sep 28)
    - Re: LZW decompression issues Tomas Hoger (Sep 29)
    - Re: LZW decompression issues Tim Zingelman (Sep 29)
    - Re: LZW decompression issues Joerg Sonnenberger (Sep 29)

(Thread continues...)