[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] metapixel: multiple assertion failures
From: Agostino Sarubbo <ago () gentoo ! org>
Date: 2016-11-22 16:53:52
Message-ID: 7982464.2MyO2TlKBG () arcadia
[Download RAW message or body]
Description:
metapixel is a program for generating photomosaics.
A fuzzing on metapixel-imagesize revealed multiple assertion failures. The
latest upstream release was about ten years ago, so I didn't made any report.
The bugs do not reside in any shared object which aren't provided by the
package. If you have a web application which relies on the metapixel-imagesize
binary, then you are affected. Since the crashes reside in the command line
tool, they may don't warrant a CVE at all, but some distros and packagers
would have the bugs fixed in their repository, so I'm sharing them.
Affected version:
1.0.2
Output/failure:
metapixel-imagesize: rwgif.c:59: void *open_gif_file(const char *, int *, int
*): Assertion `data->file !=0′ failed.
Commit fix:
N/A
Fixed version:
N/A
Testcase:
https://github.com/asarubbo/poc/blob/master/00059-metapixel-assert-open_gif_file-1
##########################################
Affected version:
1.0.2
Output/failure:
metapixel-imagesize: rwgif.c:63: void *open_gif_file(const char *, int *, int
*): Assertion `DGifGetRecordType(data->file, &record_type) != 0′ failed.
Commit fix:
N/A
Fixed version:
N/A
Testcase:
https://github.com/asarubbo/poc/blob/master/00060-metapixel-assert-open_gif_file-2
##########################################
Affected version:
1.0.2
Output/failure:
metapixel-imagesize: rwgif.c:68: void *open_gif_file(const char *, int *, int
*): Assertion `DGifGetImageDesc(data->file) != 0′ failed.
Commit fix:
N/A
Fixed version:
N/A
Testcase:
https://github.com/asarubbo/poc/blob/master/00061-metapixel-assert-open_gif_file-3
##########################################
Affected version:
1.0.2
Output/failure:
metapixel-imagesize: rwgif.c:102: void *open_gif_file(const char *, int *, int
*): Assertion `DGifGetExtension(data->file, &ext_code, &ext) != 0′ failed.
Commit fix:
N/A
Fixed version:
N/A
Testcase:
https://github.com/asarubbo/poc/blob/master/00062-metapixel-assert-open_gif_file-4
##########################################
Affected version:
1.0.2
Output/failure:
metapixel-imagesize: rwgif.c:106: void *open_gif_file(const char *, int *, int
*): Assertion `DGifGetExtensionNext(data->file, &ext) != 0′ failed.
Commit fix:
N/A
Fixed version:
N/A
Testcase:
https://github.com/asarubbo/poc/blob/master/00063-metapixel-assert-open_gif_file-5
Credit:
These bugs were discovered by Agostino Sarubbo of Gentoo.
Timeline:
2016-11-22: bugs discovered
2016-11-22: blog post about the issues
Note:
These bugs were found with American Fuzzy Lop.
Permalink:
https://blogs.gentoo.org/ago/2016/11/22/metapixel-multiple-assertion-failures
--
Agostino Sarubbo
Gentoo Linux Developer
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic