Vulnerability Development mailing list archives

Re: Segfault in seejpeg 1.10


From: "Giuseppe Dani" <giuseppe.dani () tin it>
Date: Sun, 11 Nov 2001 01:41:24 +0100

I can confirm your doubt, I can reproduce it on my machine with a 2.4 kernel.

root@TRiNiTy:/tmp# touch fuj
root@TRiNiTy:/tmp# touch ble
root@TRiNiTy:/tmp# touch chakiery_z_polzki
root@TRiNiTy:/tmp# seejpeg *

Segmentation fault

Here is my system:
root@TRiNiTy:/tmp# uname -a
Linux TRiNiTy 2.4.12 #7 SMP Thu Nov 1 18:16:41 CET 2001 i586 unknown
root@TRiNiTy:/tmp# cat /etc/slackware-version
8.0.0 (åtta)

Bye.
Giuseppe.

----- Original Message -----
From: "Patryk Chmielewski" <argv () jaskinia eu org>
To: <vuln-dev () securityfocus com>
Sent: Saturday, November 10, 2001 9:35 PM
Subject: Segfault in seejpeg 1.10


I found a bug in seejpeg 1.10 but I think it's not exploitable.  Let's see:
(my seejpeg doesn't have suid and I'm showing this bug running seejpeg as
root)


My temporary dir is empty:
root@jaskinia:/tmp$ ls
root@jaskinia:/tmp$

Next we must create some empty files:
root@jaskinia:/tmp$ touch fuj
root@jaskinia:/tmp$ touch ble
root@jaskinia:/tmp$ touch chakiery_z_polzki
root@jaskinia:/tmp$

And the main part:

root@jaskinia:/tmp# seejpeg *
[many '\n' :)]
Empty input file

svgalib: Signal 11: Segmentation fault received.
Segmentation fault (core dumped)
root@jaskinia:/tmp#

My OS:
argv@jaskinia:~$ uname -a
Linux jaskinia 2.2.20 #1 Sat Nov 3 22:18:56 CET 2001 i686 unknown
argv@jaskinia:~$
argv@jaskinia:~$ cat /etc/slackware-version
8.0.0 (åtta)
argv@jaskinia:~$

What do you think about this?
Can you reproduce this on your machines?

--
-=[  Patryk Chmielewski   -> :: <-   argv () jaskinia eu org  ]=-
-=[   ******      http://argv.jaskinia.eu.org     ******   ]=-
-=[ "If you lie to the compiler, it will get its revenge." ]=-


