oss-sec mailing list archives
CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option
From: Glenn Randers-Pehrson <glennrp () gmail com>
Date: Thu, 31 Dec 2015 13:42:46 -0500
I am requsting a CVE for the following vulnerability in pngcrush. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pngcrush versions 1.7.35 through 1.7.88 will segfault when run with the "-loco" option and multiple trials. This is due to attempting to write to a file that has not yet been opened. The vulnerability can be exploited trivially to create a Denial of Service. Remote exploit is possible if the application accepts remote input and accepts the "-loco" option. No specially crafted PNG file is needed; any valid PNG file can be used in an attack. The bug was discovered by Brian Carpenter using AFL, and is fixed in pngcrush-1.7.91, which was released on December 31, 2015. Glenn Randers-Pehrson pngcrush author and maintainer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWhXTvAAoJEPVJhL+hbGQP6vkP/1fqKQBMXffpVZEJ1DzmTeo5 +F0mLYhRax0xKvvOBFw3jvmCF7Wr7FATXEjUiHc3u9FNeIQwmLosBvCajnWYhExC jjiweKt7ZBg/7NPFLEcKFtVASjQCkSMFTsWO6jWi1PIxJYztp/BGT1FB/H3ecrUZ IHwReuFu3qnjB9hbUy9pbrJmeVSyQY1DWnFwLFJ8PaMrHpvJfXiraPHNaR4WDDDp PgmxVF8GrpINh8oBZP1gLlBiSsiAUvt6C4Bpr/LaMrP/6nnPBW0y3bptGorxa5gY 4Z2k/P+12lU15oV//RG1gYGAE5R7I2fteOLA0ES1Xsvw6re8tJ0oEl9SWmhCBBAj n2C3sCLhK619/KHWx6tety9N5ZCBHdrk6hwYzLVFVLOLmHPyrhhJCI+HJeKde4nw BhruvP+iuhxqjCDoHPoxLnK5FMdYxrGn2vB2lq6AGjFuKtd7Nb2hTsYZu7bnGWYQ dpNiVruRkdABLm621twGdU3GN45DwgfTy8kucypPmkxhmUgz2z30EExNcS1r0ph2 ywmCUz11jYH4oJIrZE3LNSPzuT3zymBmwENbY5GYbAnAYnjbVyy/HcIrp9+eALxZ EkO4hGAFidhijHn8NnMpQI9EIoNMPhiJN9fYKfO56GNFysKEFBeOwzOLIuAYQQb+ v0R8JFw32Xm4ULrDjXk3 =Lm3P -----END PGP SIGNATURE-----
Current thread:
- CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option Glenn Randers-Pehrson (Dec 31)
- Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option cve-assign (Dec 31)
- Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option Glenn Randers-Pehrson (Dec 31)
- Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option cve-assign (Dec 31)