oss-sec mailing list archives

Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif


From: cve-assign () mitre org
Date: Tue, 5 Jul 2016 18:37:54 -0400 (EDT)

The following (older) issue in libgd's issue tracker can be found,
with possible security impact for applications using the libgd
library. If I see it correctly this is not an issue in the gd2togif
utility but in the library. It was reported upstream as:

https://github.com/libgd/libgd/issues/209

with the fix

https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)

a global out of bounds read error in the function output (gd_gif_out.c), called by compress/GifEncode.

AddressSanitizer: global-buffer-overflow
READ of size 8

gif: avoid out-of-bound reads of masks array #209

When given invalid inputs, we might be fed the EOF marker before it is
actually the EOF. The gif logic assumes once it sees the EOF marker,
there won't be any more data, so it leaves the cur_bits index possibly
negative. So when we get more data, we underflow the masks array.

Use CVE-2016-6161.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
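
Added example, not part of the original message and not libgd's code: a simplified C model of the bit-packer state described in the commit text above, showing how an early EOF code leaves the masks index negative and how resetting it keeps later calls in range. The struct, constants and function names are hypothetical, and the range check marks the point where an unchecked packer would read outside the masks array.

```c
#include <stdio.h>
/* Simplified model of an LZW bit packer; every name here is hypothetical. */
#define EOF_CODE 257                     /* constructed end-of-data code */
static const unsigned long masks[17] = {
    0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F, 0x003F, 0x007F, 0x00FF,
    0x01FF, 0x03FF, 0x07FF, 0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF
};
struct packer {
    unsigned long accum;                 /* bits not yet written out */
    int cur_bits;                        /* valid bits in accum; also the masks[] index */
    int n_bits;                          /* current code width */
    int reset_after_eof;                 /* 1 = hardened behaviour */
};

/* Returns 0, or -1 where an unchecked packer would read outside masks[]. */
static int pack_code(struct packer *p, int code)
{
    if (p->cur_bits < 0 || p->cur_bits > 16)
        return -1;
    p->accum &= masks[p->cur_bits];
    p->accum = p->cur_bits > 0 ? (p->accum | ((unsigned long)code << p->cur_bits))
                               : (unsigned long)code;
    p->cur_bits += p->n_bits;
    for (; p->cur_bits >= 8; p->cur_bits -= 8)    /* emit whole bytes */
        p->accum >>= 8;
    if (code == EOF_CODE) {
        for (; p->cur_bits > 0; p->cur_bits -= 8) /* drain remainder: 1 -> -7 */
            p->accum >>= 8;
        if (p->reset_after_eof)
            p->cur_bits = 0;             /* stay valid if more data follows */
    }
    return 0;
}

/* Feed an early EOF code, then one more code; report the index and result. */
static int code_after_early_eof(int reset_after_eof, int *index_after_eof)
{
    struct packer p = {0, 0, 9, reset_after_eof};
    pack_code(&p, EOF_CODE);
    *index_after_eof = p.cur_bits;
    return pack_code(&p, 42);
}

int main(void)
{
    int a, b, ra = code_after_early_eof(0, &a), rb = code_after_early_eof(1, &b);
    printf("no reset: index=%d rc=%d\nreset:    index=%d rc=%d\n", a, ra, b, rb);
    return 0;
}
```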