CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc

[Andrej Nemec <anemec () redhat com>]

Hello folks,

While going through our assigned CVEs it was found that this one was
allocated but never reported by the original researcher to the public
list. I am going to list as much information as possible below. Credits
for the findings go to "Meifang, Yang @VARAS of IIE". I advised the
researcher to report this issue upstream, however, it seems the
communication failed.

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL
pointer dereference issue due to missing check of the return value of
function malloc in the BPG encoder. This vulnerability appeared while
converting a malicious JPEG file to BPG.

The problem seems to be line 717 in function image_alloc. Due to the
missing check, value of img->data[i] could be NULL and crash the program.

Unfortunately, I don't have access to the reproducer.

Best Regards,

-- 
Andrej Nemec, Red Hat Product Security
3701 3214 E472 A9C3 EFBE 8A63 8904 44A1 D57B 6DDA

Attachment: signature.asc
Description: OpenPGP digital signature