oss-sec mailing list archives
LZW decompression issues
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 10 Aug 2011 20:22:20 +0200
Hi! We've recently came across an issue in commonly re-used LZW decompression implementations - original BSD compress and GIF reader written by David Koblas. Due to an insufficient input checking, invalid LZW stream can create a loop in the decompression table, leading to the decompression stack buffer overflow. Following bugzillas list various code bases that were checked for the issue and if they are affected or not: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2895 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896 Many code bases are unaffected as the problem was fixed in the past, so this is probably like N-th re-discovery of the issue. Some previous fixes were called security (CVE-2006-1168), some were not. The problem may not be security relevant, or have much security impact in all currently affected code bases, though please mail the list if you come across any other affected code base that is not already mentioned and that may be worth fixing. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- LZW decompression issues Tomas Hoger (Aug 10)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Colin Percival (Sep 28)
- Re: LZW decompression issues Tomas Hoger (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Tavis Ormandy (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Tomas Hoger (Sep 29)
- Re: LZW decompression issues Tim Zingelman (Sep 29)
- Re: LZW decompression issues Joerg Sonnenberger (Sep 29)
- Re: LZW decompression issues Solar Designer (Sep 28)