oss-sec mailing list archives
Re: Crashes and memory safety bugs in dcraw
From: Marcus Meissner <meissner () suse de>
Date: Fri, 23 Nov 2018 15:16:30 +0100
On Fri, Nov 23, 2018 at 09:22:17AM +0100, Hanno Böck wrote:
Hi, dcraw is a tool to process raw images from digital cameras. It easily crashes with various issues (tested version 9.28.0). This was very shallow testing (afl fuzzing with random inputs, not starting with valid images), I assume there's much more. I reported those a long time ago to its author, he didn't seem interested in fixing such issues. Some applications use dcraw automatically to parse images (gthumb, kphotoalbum, kde thumbnailers, gwenview). Input samples are base64.
One thing to look at replacement of dcraw is probably libraw, which is more active. (It used the dcraw sources originally.) Ciao, Marcus
Current thread:
- Crashes and memory safety bugs in dcraw Hanno Böck (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Agostino Sarubbo (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Hanno Böck (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Marcus Meissner (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Ian Zimmerman (Nov 23)
- Re: Re: Crashes and memory safety bugs in dcraw Bob Friesenhahn (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Marcus Meissner (Nov 27)
- Re: Crashes and memory safety bugs in dcraw Agostino Sarubbo (Nov 23)