oss-sec mailing list archives
Re: CVE Request: heap buffer overflow in gdk-pixbuf
From: Pedro Ribeiro <pedrib () gmail com>
Date: Mon, 25 Jul 2022 12:15:40 +0700
On 24/07/2022 10:35, Pedro Ribeiro wrote:
> On 24 Jul 2022, at 01:08, John Helmert III <ajak () gentoo org> wrote:
>> On Sat, Jul 23, 2022 at 07:35:42PM +0700, Pedro Ribeiro wrote:
>>> Hi,
>>>
>>> A year ago I found and submitted a vulnerability to the gdk-pixbuf tracker:
>>> https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
>>>
>>> It's a heap buffer overflow using a crafted GIF, which is likely exploitable on 32-bit systems. Full details are in the link above in the bug tracker.
>>>
>>> This was patched and the fix was merged 8 months ago as seen here:
>>> https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121
>>>
>>> The issue is now public, but since no CVE was attributed, it probably is not being considered as a problem for downstream users of the package. As of today, the latest Debian stable package is affected by this vulnerability. Using a GNOME file system browser and browsing to that folder will cause a crash, as will opening it up in a GNOME image viewer and even attempting to load it in Chromium (should have submitted to them for a bounty :D).
>>>
>>> Hence I'd like to get a CVE to raise awareness for this issue, so that downstream users of the package can get patched.
>>>
>>> Thanks and regards,
>>> Pedro Ribeiro
>>
>> Hi, according to the oss-security Openwall wiki page [1], CVEs need to be requested via MITRE's web form [2].
>>
>> [1] https://oss-security.openwall.org/wiki/mailing-lists/oss-security
>> [2] https://cveform.mitre.org/
>
> Hi John,
>
> Thanks for the info, will request via the form and post here again once I have a CVE number. In any case I hope this post is useful to raise awareness of the issue to distro maintainers.
>
> Regards,
> Pedro
Actually I was wrong, this doesn't crash Chromium! But it still crashes with a heap buffer overflow in GNOME file explorer and GNOME image viewers (anything using gdk-pixbuf really) as said in the previous email though.
Here's the CVE number that was attributed by MITRE: CVE-2021-46829.

I've put a copy of the PoC and bug report at https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md
Regards, Pedro