oss-sec mailing list archives
a bug in gif2rgb.c in giflib-5.1.2
From: xiaoqixue_1 <xiaoqixue_1 () 163 com>
Date: Tue, 26 Jan 2016 22:31:42 +0800 (CST)
We find a memory allocation whose size could be zero in gif2rgb.c, and it will result in several out-of-bounds memory reads and writes. The bug is in gif2rgb.c:386:

    386 if ((ScreenBuffer = (GifRowType *)
    387     malloc(GifFile->SHeight * sizeof(GifRowType))) == NULL)
    388     GIF_EXIT("Failed to allocate memory required, aborted.");

Please see "http://sourceforge.net/p/giflib/bugs/82/" for more details. The bug was found by Qixue Xiao at Tsinghua University.
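An added example, not part of the original post or giflib's own code: a row-buffer allocator that rejects the zero-height case the report describes before any row is indexed. The type and function names are hypothetical stand-ins, and it assumes rows are indexed after allocation, as the reported out-of-bounds accesses imply.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for giflib's GifPixelType / GifRowType. */
typedef unsigned char PixelType;
typedef PixelType *RowType;

void free_screen(RowType *rows, int height)
{
    for (int i = 0; i < height; i++)
        free(rows[i]);
    free(rows);
}

/* The reported pattern, malloc(height * sizeof(RowType)), requests 0 bytes
 * when height == 0. malloc(0) may return a non-NULL pointer, so a NULL check
 * alone passes and any later rows[i] access is outside the allocation.
 * Here non-positive dimensions are rejected before anything is allocated. */
RowType *alloc_screen_checked(int width, int height)
{
    if (width <= 0 || height <= 0)
        return NULL;
    RowType *rows = calloc((size_t)height, sizeof(RowType));
    if (rows == NULL)
        return NULL;
    for (int i = 0; i < height; i++) {
        rows[i] = calloc((size_t)width, sizeof(PixelType));
        if (rows[i] == NULL) {
            free_screen(rows, i);   /* release the rows allocated so far */
            return NULL;
        }
    }
    return rows;
}

/* Returns 1 if a screen of this size was allocated and every pixel could be
 * written, 0 if the dimensions were rejected or allocation failed. */
int screen_usable(int width, int height)
{
    RowType *rows = alloc_screen_checked(width, height);
    if (rows == NULL)
        return 0;
    for (int y = 0; y < height; y++)
        for (int x = 0; x < width; x++)
            rows[y][x] = (PixelType)(x + y);
    int ok = rows[height - 1][width - 1] == (PixelType)(width + height - 2);
    free_screen(rows, height);
    return ok;
}
```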