oss-sec mailing list archives
mupdf: heap-based buffer overflow in fz_subsample_pixmap
From: Agostino Sarubbo <ago () gentoo org>
Date: Mon, 06 Feb 2017 12:32:21 +0100
Hello, there in an heap overflow in fz_subsample_pixmap. The bug was discovered by Kamil Frankowicz which said to have tested it against the current git head. The same testcase does not crash the current stable 1.10a, but I can confirm (with a round of fuzzing on 1.10a) that stable is affected. No fix atm. Details: https://bugs.ghostscript.com/show_bug.cgi?id=697515 Reproducer for 1.10a: https://github.com/asarubbo/poc/blob/master/00148-mupdf-heapoverflow-fz_subsample_pixmap -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 06)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign (Feb 06)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 09)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign (Feb 06)