oss-sec mailing list archives
CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc
From: Andrej Nemec <anemec () redhat com>
Date: Thu, 20 Apr 2017 16:26:16 +0200
Hello folks,

While going through our assigned CVEs it was found that this one was allocated but never reported by the original researcher to the public list. I am going to list as much information as possible below.

Credits for the findings go to "Meifang, Yang @VARAS of IIE". I advised the researcher to report this issue upstream, however, it seems the communication failed.

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.

The problem seems to be line 717 in function image_alloc. Due to the missing check, value of img->data[i] could be NULL and crash the program.

Unfortunately, I don't have access to the reproducer.

Best Regards,

--
Andrej Nemec, Red Hat Product Security
3701 3214 E472 A9C3 EFBE 8A63 8904 44A1 D57B 6DDA
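
An added illustration of the missing check described in the message above, not code from libbpg or from the original message: a hypothetical per-plane image allocator that checks every malloc result and unwinds on failure. The `Image` struct, `image_alloc_checked`, `image_free` and the `flaky_malloc` fault injector are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PLANES 4

typedef struct {
    int w, h, planes;
    uint8_t *data[MAX_PLANES];
} Image;                       /* hypothetical struct, not libbpg's */

typedef void *(*alloc_fn)(size_t);

/* Constructed fault injector: fails on the Nth call to simulate OOM. */
static int fail_at = -1, calls = 0;
static void *flaky_malloc(size_t n) {
    return (calls++ == fail_at) ? NULL : malloc(n);
}

static void image_free(Image *img) {
    if (!img) return;
    for (int i = 0; i < img->planes; i++) free(img->data[i]); /* free(NULL) is a no-op */
    free(img);
}

/* Returns NULL on bad dimensions or allocation failure; a returned
 * image never contains a NULL plane pointer. */
Image *image_alloc_checked(int w, int h, int planes, alloc_fn alloc) {
    if (w <= 0 || h <= 0 || planes <= 0 || planes > MAX_PLANES) return NULL;
    if ((size_t)w > SIZE_MAX / (size_t)h) return NULL;   /* w*h would overflow */
    size_t plane_size = (size_t)w * (size_t)h;

    Image *img = alloc(sizeof *img);
    if (!img) return NULL;
    memset(img, 0, sizeof *img);
    img->w = w; img->h = h; img->planes = planes;

    for (int i = 0; i < planes; i++) {
        img->data[i] = alloc(plane_size);
        if (!img->data[i]) {          /* the kind of check the report says is missing */
            image_free(img);          /* release planes allocated so far */
            return NULL;
        }
        memset(img->data[i], 0, plane_size);  /* safe: pointer is non-NULL */
    }
    return img;
}
```

Callers must treat a NULL return as a conversion failure and stop processing the input instead of continuing with a partially built image.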