oss-sec mailing list archives
Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif
From: cve-assign () mitre org
Date: Tue, 5 Jul 2016 18:37:54 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
The following (older) issue in libgd's issue tracker can be found, with possible security impact for applications using the libgd library. If I see it correctly this is not an issue in the gd2togif utility but in the library. It was reported upstream as: https://github.com/libgd/libgd/issues/209 with the fix https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
a global out of bounds read error in the function output (gd_gif_out.c), called by compress/GifEncode. AddressSanitizer: global-buffer-overflow READ of size 8
gif: avoid out-of-bound reads of masks array #209 When given invalid inputs, we might be fed the EOF marker before it is actually the EOF. The gif logic assumes once it sees the EOF marker, there won't be any more data, so it leaves the cur_bits index possibly negative. So when we get more data, we underflow the masks array.
Use CVE-2016-6161. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXfDSTAAoJEHb/MwWLVhi291kP/0mIr94IjDU3rIIqgymCSiz9 m5TKKASC1ICrj8uGWJevV0Vgis/XOLsnq89r7wPYBBpRn1h8HnSpHsjCCT6vlVUS ljg0+xmu4jzA9mDWWqlXGJogovThM+nlDVRLLyb7yxEVV1XKZ5AzVoZ8oZBEkETW hyDaCguy6vvcf5iWiwQU+cy2yM0b4RPs4w6yAgfgGx6I3C4WwDWQgDH+Ps8TS520 3Rf/3r+iPP6OVosoUIDBrJdUwXfmFtj4iMPi3akWHkj9r8Z0LoGRw5OOOWp6zPNS ud1qzKTKFRSkoiFfSk2/5kn3mGm6NcOIr8liOI/KKSzLNPHk9LEWJXcp6Pm9AePD vBO+YNpjgvttj4a9ipaiujfn1FL+bU0qKFOjp0/VXEwp5G14tvf/6TJ7SubDQ/gL FDvM2AUNqRunHdvpy2vp6oX72dcbHlgAvwPAB0okKnhqHPafQkLcnpTUTD57WR0d WyLC4Klxo3VgkspOVQQDXILZiWMsextr++qn3A9MTHoYfk2/hRCnJKvrHKMKyOFI 5+Oc0WwYY3o5gzcCqCY/RBIM5KT2c1bpLydNt7qEDVzwMl1qLOCQVmgKi0vyYeWl mBCRCvnTOBLBNFil0t3YIobAGAsp15dskqugLXvLgphqyrPLyBsC/y1iM87OUs0j O5Dvc/nzWsBu5TRltQAF =pdF0 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif Salvatore Bonaccorso (Jul 05)
- Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif cve-assign (Jul 05)