oss-sec mailing list archives
Re: Heapoverflow in giflib5.1.4
From: Solar Designer <solar () openwall com>
Date: Tue, 13 Sep 2016 18:50:06 +0200
On Tue, Sep 13, 2016 at 11:20:08PM +0800, vul @ 724safe wrote:
With Address Sanitizer there is aa heap overflow in giflib 5.1.4 More details are available at: https://sourceforge.net/p/giflib/bugs/102/
When posting to oss-security, please include the actual detail right in your posting (up to 200 KB including MIME overhead, but of course try to keep it smaller than that if at all practical) - not only via external links. I've attached the content of the above link now. Luckily, this one PoC GIF file is tiny: $ base64 poc R0lGODdhKP9/AADZACwAHQAAKAAAAPngp5Lb5QAD4wAAAgAAOwAd Ideally, you would also investigate and patch issues found by ASan, rather than merely include its output, but I realize we can't actually expect anything specific from volunteers. So whatever we've got. Thanks, Alexander
Attachment:
giflib-102-Heap_overflow_in_gif2rgb.c.txt
Description:
Attachment:
poc
Description:
Current thread:
- Heapoverflow in giflib5.1.4 vul (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Solar Designer (Sep 13)